Keyword: URL
http://www.{BLOCKED}ip.ru/en-EN/index.php NOTES: It will then connect to the following URL to send the stolen information in an email format: {BLOCKED}essmail.{BLOCKED}l.com Infostealer.Limitail (Symantec)
from %User Temp%\Gyci7EC9.txt and drops and executes the following file: %User Temp%\{random filename}.exe - detected as TSPY_DYRE.YYSLB It connects to the following URL to report infection of the
This malware poses as a Chrome browser plugin required to play videos. Users receive a message with a link in the social networking site, Facebook. Clicking the URL leads to a page that supposedly
\Delete Directory Update Itself Uninstall itself Update Config Block and Unblock URL Grab FTP, Cookies, Certificates, POP Upload Information Perform Remote Control Add, Delete, or Edit Registry Create, Open,
exe ini lnk log msi scr sys tmp url It deletes shadow copies by executing the following command: vssadmin.exe Delete Shadows /All /Quiet The malware will access the URL(s) to download its ransom notes.
The URL where it connects to is randomly generated using a randomizing function, which is computed based on the system's current date. However, as of this writing, none of the sites were accessible. It
Explorer window. NOTES: This Trojan checks the affected system's geographic location by accessing the URL http://www.telize.com/geoip . Trojan:Win64/Fleercivet.A (Microsoft), Trojan.Win64.Fleercivet (Ikarus)
}gge.at/ta_tools/gate.php?client_id={value}&connected={value}&server_port={value}&debug={value} However, this URL is idle. It does not have rootkit capabilities. It does not exploit any vulnerability.
file name} Default = "1" Rogue Antivirus Routine This Trojan displays the following fake alerts: When users agree to buy the software, it connects to the following URL to continue the purchase: http://
information: HTTP Password HTTP Server URL HTTP User HTTPMail Password2 HTTPMail Server HTTPMail User Name IMAP Password IMAP Password2 IMAP Port IMAP Server IMAP User IMAP User Name NNTP Email Address NNTP
malware does any of the following depending on the reply from the C&C: Sleep and wait for next reply Receive download URL to download other possibly malicious files It gathers the following information and
download URL to download other possibly malicious files It gathers the following information and reports it to its servers: Machine Name OS Information (Version, Product ID, Name, Install Date) Explorer File
depending on the reply from the C&C: Sleep and wait for next reply Receive download URL to download other possibly malicious files It gathers the following information and reports it to its servers: Machine
itself. It deletes the cache files of Google Chrome and Mozilla Firefox. This malware does any of the following depending on the reply from the C&C: Sleep and wait for next reply Receive download URL to
This Ransomware connects to the following malicious URL to create and send encryption keys: http://{BLOCKED}.{BLOCKED}.3.1/panel/createkeys.php http://{BLOCKED}.{BLOCKED}.3.1/panel/savekey.php However,
following depending on the reply from the C&C: Sleep and wait for next reply Receive download URL to download other possibly malicious files However, as of this writing, the said sites are inaccessible. It
unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames it before storing it in the affected system. It retrieves specific information from the affected system.
Dropped by other malware Adds registry entries, Connects to URLs/IPs, Sets homepage to a certain URL