Keyword: URL
malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
"explorer.exe".) Other Details This Ransomware does the following: It executes the following commands to shut down the system within 4 minutes: shutdown -s -t 240 It connects to the following URL for stat
compromised or malicious website. It requires the arguments found in the website's URL in order to proceed with its intended routine. EXP/FLASH.Lodabytor.T.Gen (Avira) Downloaded from the Internet
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames it
following: Drops the following file as a copy of "POWERSHELL.exe": %User Profile%\{random capital letters}\{random capital letters}.EXE It connects to the following URL to download and execute codes to its
the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}.{BLOCKED}.197.153/krabaldento.exe It saves the files it downloads using the following names:
-noninteractive -windowstyle hidden -EncodedCommand {base64 encoded powershell command} It connects to the following URL to download and execute a malicious PowerShell script. However, as of this writing, the said
\Microsoft.NET\Framework\v3.0\ %Windows%\Microsoft.NET\Framework\v3.5\ %Windows%\Microsoft.NET\Framework\v4.0.30319\ It uses bitsadmin.exe to download the malware from URL to its destination path. The downloaded
Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
CVE-2008-1238 Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials
could allow elevation of privilege if users use a specially crafted URL to visit certain websites. These malicious URLs could arrive via spammed messages sent through email or Instant Messaging
C:\ProgramData on Windows Vista, 7, and 8.) Download Routine This Coinminer downloads the file from the following URL and renames the file when stored in the affected system: http://www.{BLOCKED
malicious URL
affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Other Details This
2008, and Windows Server 2012.) Other Details This Trojan connects to the following possibly malicious URL: http://{BLOCKED}y.id/temp/AudDrv.exe Note: This URL is accessed upon the execution of the
Description Name: Amazon Phishing - DNS (Response). This is Trend Micro detection for packets passing through DNS network protocols that can be used as Data Exfiltration. This also indicates a malware infection. Below are some indicators of an infec...
SharePoint Foundation, Groove Server, and MS Office Web Apps. When exploited, the vulnerabilities may lead to any of the following: cross-site scripting, elevation of privilege, information disclosure, URL
Description Name: Callback to URL in Apex Central or Deep Discovery Director User-Defined Suspicious Objects list. This is Trend Micro detection for packets passing through any network protocols that can be used as Command and Control Communication....
bi-directional named pipe: status_34545 status_32212 status_1db0 status_89ca It connects to the following URL to get and execute arbitrary commands: {BLOCKED}.{BLOCKED}.195.203:443/ql8G It does not exploit any
}i.space/ml/tby/pd/log.php Other Details This Trojan does the following: It disguises itself as a login page to download a document: After sending the user credentials, the webpage will be redirected to the following URL