Search

Keyword: js_xorbat.b22222222222222222

29552 Total Search | Showing Results : 1 - 20

DDI-RULE-2051

Description Name: NEMUCOD - HTTP (Request) - Variant 5 . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as N/A. This also indicates a malware infection. Below are some indicators of an infected host:...

RANSOM_XORBAT.A

This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. Arrival Details This Trojan arrives as an attachment to email messages spammed by other

TSPY_DECBAL.A

000000000000000 0000000000000000 00000000000000000 000000000000000000 0000000000000000000 22222222222222222 6666666666666 8888888888888888 5488888888888888 5399999999999999 30044444444444 5577777777777777

DDI-RULE-2124

Description Name: XORBAT - Ransomware - HTTP (Request) . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as N/A. This also indicates a malware infection. Below are some indicators of an infected host:...

19-014 (March 19, 2019)

Lectool 1007711* - Ransomware XORBAT Suspicious Server Ransomware Activity 1007582* - Ransomware Lectool-1 Web Application Common 1009319 - ImageMagick 'ReadMATImage' Use After Free Vulnerability

Ransom_Encoder.R002C0WHT19

%Windows%\winsxs\amd64_prnso002.inf_31bf3856ad364e35_6.1.7600.16385_none_419ce09d71f61ee8\Amd64 %Program Files%\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer

Adware.Win32.Crossrider.A

This Adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Adware arrives on a system as a

Trojan.Win32.DOFOIL.USXVPK319

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a

PUA.Win32.SafeWatch.A

\node_modules\bluebird\js\browser %AppDataLocal%\Programs\safe-watch\resources\app\node_modules\sax %AppDataLocal%\Programs\safe-watch\resources\app\node_modules\scss-tokenizer\lib %AppDataLocal%\Programs

RANSOM_CRYPGEN_GE01003E.UVPM

Tools\help\wwhelp\wwhimpl\js\images\spc_tabm.gif %System Root%\Program Files\VMware\VMware Tools\help\wwhelp\wwhimpl\common\html\init3.htm %System Root%\Program Files\Java\jre1.8.0_144\lib\images\cursors

ADW_ADWAPPER

\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0\js %AppDataLocal%\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0\js\api %AppDataLocal%\Google\Chrome\User Data\Default\Extensions

ADW_WINUSEC

\winservice86\ Plugins\42 Url = "http://js.{BLOCKED}ticinputserv.com/plugins/mins/42.js" HKEY_CURRENT_USER\Software\winservice86\ Plugins\14 Version = "b" HKEY_CURRENT_USER\Software\winservice86\ Plugins\14 Name

PUA.Win32.CinemaPlus.A

This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This

TROJ_DELiTIR.A

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This

TROJ_COINMINE.WIOB

%User Profile%\login\css %User Profile%\css\retina %User Profile%\login\images %User Profile%\images\retina %User Profile%\login\js %User Profile%\login\languages %User Profile%\css\platform %Program

ADW_INSTALIQ

\zx_13283b3780\dialogs %User Temp%\zx_13283b3780\dialogs\library %User Temp%\zx_13283b3780\dialogs\library\css %User Temp%\zx_13283b3780\dialogs\library\images %User Temp%\zx_13283b3780\dialogs\library\js %User

Ransom.Win32.CRYSIS.TIBGET

%Program Files%\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\ui-strings.js %Program Files%\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes

TROJ_KILLFILE.BL

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a

Ransom_Encoder.R020C0WJ919

reader dc\Reader\webresources\resource0\static\js\plugins\app-center\css\main-selector.css %Program Files%\Adobe\acrobat reader dc\Resource\typesupport\Unicode\Mappings\win\CP1258.TXT %Program Files%\Adobe

TROJ_KRYPTIK.SIB

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This

Search

Resources

Support

About Trend

Country Headquarters

Search

Resources

Support

About Trend

Country Headquarters

The Americas

Middle East & Africa

Europe

Asia & Pacific