Keyword: URL
Information Theft This Trojan Spy steals the following information: Internet Credentials: URL Username Password Stolen Information This Trojan Spy saves the stolen information in the following file: %User Temp%
capability. Other Details This Backdoor does the following: It connects to the following URL to download backdoor modules: http://{random numbers}.api.{BLOCKED}-internal.com/stats/start-session?s_iv={value}
capability. Other Details This Backdoor does the following: This backdoor connects to the following URL to get and execute arbitrary code: {BLOCKED}.{BLOCKED}.128.147:443 It does not
Trojan does not have rootkit capabilities. Other Details This Trojan does the following: It displays the following upon opening on a browser. It connects to the following URL to download a JavaScript file.
URL received through the request parameter name "php" Downloaded from the Internet, Dropped by other malware Executes commands
Application does the following: This file is a copy of the xmrig 6.3.3 command-line binary for Mac systems. It accepts the following parameters: -o or --url={URL} -> URL of mining server -a or --algo={ALGO} ->
following URL to download a component which it will load in its memory and perform its malicious routine: http://{BLOCKED}.{BLOCKED}.22.148:443 However, as of this writing, the
connects to the following URL to download the main backdoor module: http://{BLOCKED}.{BLOCKED}.{BLOCKED}.15:62222/1wbS However, as of this writing, the said sites are inaccessible. It does not exploit any
Trojan does not have any backdoor routine. Rogue Antivirus Routine This Trojan displays the following fake alerts: When users agree to buy the software, it connects to the following URL to continue the
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames
Miley Cyrus, Lady Gaga, and Rihanna and was compromised through the insertion of an iframe tag that redirects users to a malicious URL where the exploit is hosted. How does this threat affect users?
password used. It then sends the gathered data to a remote IP address. It monitors the HTTP headers being sent by searching for certain strings. It sends the stolen HTTP header to a remote URL as part of the
ex_module_base ext_ip host hostname install_time is_admin lb login nick os pass qbot_version th_args th_flags th_title time url user It steals information by monitoring the following applications: firefox.exe
affected system. This file contains a URL where it connects to possibly download other files. However, as of this writing, the said sites are inaccessible. Arrival Details This worm arrives via removable
analysis of the codes, it has the following capabilities: Connects to this URL to get IP addresses that it sets as the new DNS server address: http://www.{BLOCKED}ckin.com/inlogger.php?h={computer name}&u=
url update - overwrite script execute -execute file cmd - shell command Attack - continuous ping ourl - access a url close - terminate script restart - forced restart of machine command shutdown -
connecting to the following URL: {Proxy server name}:{Port Number} The proxy server name and port number depends on the following file: {malware path}\conf.ini It accesses the following URL to read its
the following URL to read its configuration: http://{BLOCKED}cj.com/blog/wp-includes/pomo/index.php Its configuration contains the C&C domain name information. However, as of this writing, the said URL
URL of mining server -O, --userpass=U:P == username:password pair for mining server -u, --user=USERNAME == username for mining server -p, --pass=PASSWORD == password for mining server --cert=FILE ==
systems sustain increased wear and tear from processing coin blocks and the infected systems will work abnormally slow. It accepts the following parameters: -o, --url=URL → URL of mining server -O,