Search
Keyword: URL
Socks proxy (port to use, IP address to allow, IP address to deny, User-Agent, view server info, end proxy service) List, add, delete, or modify a user account Download file from a URL Share a shell
Details This Trojan does the following: Executes a script from the URL http://{BLOCKED}u.com/3? - script that connects to the URLs mentioned above to download and execute a malicious file
OSX_WIRELURK.A) enables the malware to download an updated copy of itself from the server and save it as follows: /usr/local/machook/update/update.zip It connects to the following URL to retrieve a link of its
contains textbox for username/email and password. Upon clicking the "Download File" button on the pop-up window, the malware will connect to this malicious URL to send the stolen information (username and
contains textbox for username/email and password. Upon clicking the "Download File" button on the pop-up window, the malware will connect to this malicious URL to send the stolen information (username and
inaccessible. Other Details This Exploit does the following: It connects to the following URL to execute a malicious script: https://{BLOCKED}in.com/raw/{BLOCKED}bB The malicious script may contain the following
the following URL to download and execute arbitrary malicious code: http://{BLOCKED}.{BLOCKED}.227.242/qa.ph However, as of this writing the said site is inaccessible. Terminates running svchost.exe
inaccessible. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://www.{BLOCKED}a-fazendacnpj.info/01-12-2015/Mseserver.html
events Obtain promo offers and post them Comment on fanpage posts It connects to the following URL to generate click profits: http://{BLOCKED}s.{BLOCKED}g.us http://{BLOCKED}r.info/adlinks.php Here are
remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning. mozilla firefox 0.1,mozilla firefox 0.10,mozilla firefox
Trojan downloads the file from the following URL and renames the file when stored in the affected system: {BLOCKED}e.be/shop/misc/textarea.exe www.{BLOCKED}orship.org/images/index.exe It saves the files it
Trojan downloads the file from the following URL and renames the file when stored in the affected system: https://{BLOCKED}d.co.il/images/navigation.exe It saves the files it downloads using the following
malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
from the following URL and renames the file when stored in the affected system: http://{BLOCKED}uxcanwu2ru.top/log.php?f=400 It saves the files it downloads using the following names: %User Temp%\{random
following URL and renames the file when stored in the affected system: http://{BLOCKED}eimdoctor.biz/1xxquux http://{BLOCKED}aauto.com/tyknnq http://{BLOCKED}aginas.com/kftx6100 http://{BLOCKED}ch.at/rp9uyjw6
downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads
malware/grayware or malicious users. Installation This Trojan drops and executes the following files: %User Temp%\ooJHggggcgjc.vbs -> capable of connecting to a possibly malicious URL to download a file (Note: %User
without httPort and headless ./{numbers} -c Process that uses the following URL and Ports: {BLOCKED}.{BLOCKED}.55.86:443 {BLOCKED}.{BLOCKED}.65.238 {BLOCKED}.{BLOCKED}.52.87 :433 :23 :443 :143 :2222
HeartbeatTime = {Random number} Other Details This Adware does the following: It gets information from the following URL via HTTP GET: http://app.{BLOCKED}u.com/Offers?url=silent%20download&id={Random numbers
Password: root admin admin123 huigu309 xc3511 vizxv It is capable of dropping downloader binaries depending on the system architecture. The dropped binary accesses the following URL to download its payload: