Keyword: URL
-a, --algo=ALGO specify the algorithm to use( cryptonight, cryptonight-lite, cryptonight-heavy) -o, --url=URL URL of mining server -O, --userpass=U:P username:password pair for mining server -u, --user
}.86.129:80 {BLOCKED}.{BLOCKED}.99.221:80 workforce.{BLOCKED}list.com It does the following: Accepts the following parameters: -a, --algo=ALGO specify the algorithm to use cryptonight -o, --url=URL URL of
Firefox This malware does any of the following depending on the reply from the C&C: Sleep and wait for next reply Receive download URL to download other possibly malicious files The file names used for its
the following website to send and receive information: http://{BLOCKED}nflatei35.onion.link:80/paid?id={generated 16 hex values} - ransom payment URL http://{BLOCKED}nflatei35.onion.link:80/static/win -
silverlake v48d0250s1 It connects to the following URL to send information: {BLOCKED}tazce-ru.com:443 W32/Shiz.NCP!tr.spy (Fortinet); Win32/Spy.Shiz.NCP (ESET); Dropped by other malware, Downloaded from the
to get the affected system's IP address: http://icanhazip.com/ It deletes the initially executed copy of itself NOTES: This Trojan connects to the URL http://{BLOCKED}.{BLOCKED}.90.166:{port number
system's IP address: http://icanhazip.com/ It deletes the initially executed copy of itself NOTES: This Trojan connects to the URL http://{BLOCKED}.{BLOCKED}.90.166:{port number}/09SAL11/{data} to report
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames it
{807BF02B-3F5F-4570-970A-8AADBAA55AC1} . "36A900E5-0AE5-4ca6-84B4-45A05B42E705}_262144_124160" is decrypted from code section. It uses "Caguen1aMar" as encryption key for communications with the C&C server. It uses the following URL
remote shell, process termination, etc.) The commands it receives for downloading other files contain the URL where the said files can be downloaded. Backdoor:Win32/Hupigon.EC (Microsoft) Propagates via
NOTES: It connects to the following URL to download files: www.{BLOCKED}o.com/setting.doc However, the said page does not exist. It saves the downloaded file as: %System%\setting.ini Worm:Win32/Nuqel.BD
and port number depends on the following file. If the said file is not present, it uses the default proxy settings: {malware path}\mpc.dat It accesses the following URL to read its configuration:
RECYCLE.BIN Recycler TEMP APPDATA AppData Temp ProgramData Microsoft It connects to the following URL to send the victim ID: http://{BLOCKED}lloworld.com/mars.php?id={victim ID} - RAA NOTES: This ransomware
connects to the URL http://{BLOCKED}.{BLOCKED}.90.166:{port number}/29T11/{data} to report infection of the affected system. The variable {port number} may be any of the following: 12130 12131 12128 It
to access the following URL upon visiting any of the targeted bank-related sites: https://{BLOCKED}ommote.com/gate/script/{BOTID}/JP/{target bank-related URL}/{scriptname}.js PWS:Win32/Zbot!rfn
"Obter Senha" button will open the browser with the URL https://{BLOCKED}y.com/p/F8S3/ and display the following: https://{BLOCKED}y.com is a legitimate site where people can buy and sell digital products
when visiting malicious sites. Other Details This Coinminer does the following: Accepts the following parameters: -a, --algo=ALGO specify the algorithm to use cryptonight -o, --url=URL URL of mining
credentials from the following: Microsoft Outlook Other Details This Backdoor does the following: It connects to the following URL to download updates of itself and inject it to the currently running process of
1009956 - HPE Intelligent Management Center 'PlatNavigationToBean' URL Expression Language Injection Vulnerability (CVE-2019-5387) 1009902 - HPE Intelligent Management Center 'perfSelectTask' Expression
retrieves C2 domains from this URL which it will try to connect to, to download other possible payloads As of this writing, the said sites are inaccessible. Other Details This Trojan requires the following