Keyword: URL
}c.org/@943/@43/cart.php Other Details This Trojan does the following: It connects to the following URL for the icon used by the webpage: https://{BLOCKED}lox.com.au/appsuite/v=7.8.0-6.{BLOCKED
}o.com/97fa22398eecc10061faa658e528684a.png https://{BLOCKED}o.com/429548e6cd1f7f512c1dcbd0003caaeb.png It redirects the webpage to the following URL after sending the user credentials: https://www.onedrive.com It does not exploit any
}n54t14.ru/viewdocument/next.php Other Details This Trojan does the following: It disguises itself as a login page to access a document: After sending the user credentials, the webpage will be redirected to the domain URL of the
information-stealing capability. Other Details This Trojan does the following: It connects to the following URL to load a malicious template file: https://{BLOCKED}ll.top/orb.doc It takes advantage of the following
}jk.pantheonsite.io/MN/key.php Other Details This Trojan does the following: It disguises itself as a login page to access a voice mail. It connects to the following URL for images displayed inside the webpage: https://{BLOCKED
Description Name: EVILPROXY - HTTP (Response). This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Data Exfiltration. This also indicates a malware infection. Below are some indicators of an infected ...
user: ping - use to check the status of the victim CloseServer - terminates the application RestartServer - Restart the application sendfile - send file and execute download - download file from URL and
{BLOCKED}.com/a.jsp -> downloads and executes a script which contains a powershell command indicating the download URL for the payload http://{BLOCKED}.{BLOCKED}x.com/a.jsp -> downloads and executes a script
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ mipony URL Protocol = {NULL} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ mipony\DefaultIcon {NULL} = C:\Program Files\MiPony\MiPony.exe HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ mipony\shell
sends the gathered information via HTTP POST to a certain URL. It sends a text message containing the IMEI and the device model to a randomly chosen number. It connects to a certain URL to download
following URL and renames the file when stored in the affected system: http://{BLOCKED}idata.com/eng/test/jp1.php?m={random}&os={os version}&ie={ie version} http://{BLOCKED}.{BLOCKED}.35.58/531.gif It saves
download Tor and connect to the given URL to retrieve the private key for decryption Other Details This Trojan encrypts files with the following extensions: pwm kwm safe groups txt cer crt der pem doc docm
receive information: xmr.{BLOCKED}-pool.fr:3333 It does the following: It accepts the following parameters: -K, --keep-gantle Reverse some processors for host' processing -o, --url=URL == URL of mining
\Templates\{6 Random Numbers}.exe If the “First method” did not work properly, the malware will proceed with the “Second method”, by also connecting to the same URL mentioned above to download the intended
connectaddress=1.1.1.1 connectport=53 Create scheduled task: Task Name: \Microsoft\windows\Rass Action: powershell -nop -ep bypass -e {Base-64 encoded} Uses the following URL to get the public IP address: https://
following URL to load the fake login page: https://{BLOCKED}ess-zebrax0x.surge.sh/excelUILOGO.js It redirects the webpage to the following URL to load the error page: https://{BLOCKED
click the link supplied in the spammed email, it will redirect into a page featuring embedded videos of the event. During the redirection, it will connect to a malicious URL to automatically download
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames it
" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes\infoaxe_google\ URL 604 = "http://www.infoaxe.com/enhancedsearch.jsp?cx=partner-pub-6808396145675874:scfw9ganq4h&cof=FORID:10&ie=ISO-8859-1&q=
file. However, the URL where the malware connects to is not in the malware body. VirTool:Win32/Injector.gen!AD (Microsoft)