Search

Description Name: NEMUCOD - HTTP (Request) - Variant 5 . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as N/A. This also indicates a malware infection. Below are some indicators of an infected host:...

This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. Arrival Details This Trojan arrives as an attachment to email messages spammed by other

Description Name: XORBAT - Ransomware - HTTP (Request) . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as N/A. This also indicates a malware infection. Below are some indicators of an infected host:...

Lectool 1007711* - Ransomware XORBAT Suspicious Server Ransomware Activity 1007582* - Ransomware Lectool-1 Web Application Common 1009319 - ImageMagick 'ReadMATImage' Use After Free Vulnerability

%Windows%\winsxs\amd64_prnso002.inf_31bf3856ad364e35_6.1.7600.16385_none_419ce09d71f61ee8\Amd64 %Program Files%\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a

\S-1-5-21-2407829820-1079796033-203259571-500\Software\ AppDataLow\Software\MPMP\ Plugins\21 HKEY_USERS\S-1-5-21-2407829820-1079796033-203259571-500\Software\ AppDataLow\Software\MPMP\ Plugins\2 HKEY_USERS

\node_modules\bluebird\js\browser %AppDataLocal%\Programs\safe-watch\resources\app\node_modules\sax %AppDataLocal%\Programs\safe-watch\resources\app\node_modules\scss-tokenizer\lib %AppDataLocal%\Programs

Tools\help\wwhelp\wwhimpl\js\images\spc_tabm.gif %System Root%\Program Files\VMware\VMware Tools\help\wwhelp\wwhimpl\common\html\init3.htm %System Root%\Program Files\Java\jre1.8.0_144\lib\images\cursors

\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0\js %AppDataLocal%\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0\js\api %AppDataLocal%\Google\Chrome\User Data\Default\Extensions

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This

HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\ winservice86\Plugins\4 HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\ winservice86\Plugins\2 HKEY_LOCAL_MACHINE\Software

%User Profile%\login\css %User Profile%\css\retina %User Profile%\login\images %User Profile%\images\retina %User Profile%\login\js %User Profile%\login\languages %User Profile%\css\platform %Program

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a

%Program Files%\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\ui-strings.js %Program Files%\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This

This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This

reader dc\Reader\webresources\resource0\static\js\plugins\app-center\css\main-selector.css %Program Files%\Adobe\acrobat reader dc\Resource\typesupport\Unicode\Mappings\win\CP1258.TXT %Program Files%\Adobe

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This