Keyword: URL
Description Name: Data-stealing malware - URL used for callbacks and downloads - HTTP (Request). This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Command and Control Communication. This also indica...
Description Name: Malicious URL - HTTP (Request) - Variant 5. This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are ...
Description Name: Suspicious URL - IM. This is Trend Micro detection for packets passing through MSN and instant messaging network protocols that can be used as Point of Entry or Lateral Movement. This also indicates a malware infection. Below are s...
Description Name: Suspicious URL - HTTP (Request) - Variant 1. This is Trend Micro detection for packets passing through any network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are ...
Description Name: URL in Deny List (Action is [Monitor only]). This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are...
Description Name: URL in Deny List (Action is [Monitor and reset]). This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Belo...
"/bin/httpdns" which is executed to connect to a URL "https://{BLOCKED}in.com/raw/gC0QiNsw" containing the bash script. The bash script contains the schedule task and the coinminer itself. Downloaded from the
" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ sdp (Default) = URL:SDP Protocol HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ sdp URL Protocol = HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ sdp\shell\open\ command (Default) = "{Malware Filename
Description Name: Callback to URL in Suspicious Objects list. This is Trend Micro detection for packets passing through any network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are s...
advertisements. The installation package consists of the following files: AllatPayCS.dll gdiplus.dll QBCautorun_new.exe QBreload.exe QuickBae_Call.exe It connects to the URL http://{BLOCKED}3.co.kr/cust to download
file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components.
following URL to monitor the malicious user's generated account's activity: twitter.com It only runs after the date April 3, 2015. It does not run on the following days of the week: Saturday Sunday It uses
The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Other Details This Trojan requires its main component to successfully perform its intended
http://{BLOCKED}.{BLOCKED}.15.172 NOTES: It may pass the following URL parameters: /stat?uptime={value}&downlink={value}&uplink={value}&id={id}&statpass={password}&vers
\Temp on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware
its execution: Request data via HTTP GET from http://{BLOCKED}a.ru/write.php?exten=yes Sends the gathered GUID via HTTP POST to URL http://{BLOCKED}a.ru/write.php: The dropped ransom note
the malicious link http://yxtz7.{BLOCKED}t.me: Upon clicking the link, it accesses the URL http://yxtz7.{BLOCKED}t.me/{url path}, which displays a fake Microsoft Office Outlook Web Access page. The
following: Accesses the following URL to get images for its fake web page: http://{BLOCKED}undantgraceogba.org/paged/content/new_bg.jpg http://{BLOCKED}undantgraceogba.org/paged/content/app_switcher.png Upon
/www/vhosts dir.log - contains the first directory found Other System Modifications This Trojan deletes the following files: ck.log dir.log Download Routine This Trojan downloads the file from the following URL
password: Sends the gathered credentials to the following URL via HTTP POST: http://{BLOCKED}ssportcom.com/ostoj1/next.php Connects to the following URL(s) to display the fake document: http://{BLOCKED