Search
Keyword: JS_XORBAT.A
of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements. mozilla firefox 3.5 Apply associated Trend Micro
This Trojan may be dropped by other malware. As of this writing, the said sites are inaccessible. It deletes itself after execution. Arrival Details This Trojan may be dropped by the following
This worm drops copies of itself in the Windows Common Startup folder to enable its automatic execution at every system startup. It drops copies of itself into all the removable drives connected to
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. Arrival Details This Trojan arrives as an attachment to email messages spammed by other
{hex}" Backdoor Routine This backdoor connects to the following URL(s) to send and receive commands from a remote malicious user: http://{BLOCKED}meand.com/sl/gate.php http://{BLOCKED
This Trojan may be downloaded by other malware/grayware/spyware from remote sites. It does not have any propagation routine. It does not have any backdoor routine. It modifies the Internet Explorer
This Trojan may be downloaded by other malware/grayware from remote sites. It executes then deletes itself afterward. It is capable of encrypting files in the affected system. Arrival Details This
product detects a file under this detection name, do not execute the file.
product detects a file under this detection name, do not execute the file.
This Trojan connects to the following URL(s) to send and receive commands from a remote malicious user: http://{BLOCKED}.{BLOCKED}.8.183 http://{BLOCKED}.{BLOCKED}.118.173 http://{BLOCKED}.{BLOCKED
malware/grayware or malicious users. Installation This Trojan drops and executes the following files: %User Temp%\file.js Upon executing this file, it will try to download a file and saves it using the following
product detects a file under this detection name, do not execute the file.
* indicates a new version of an existing rule Deep Packet Inspection Rules: DCERPC Services 1009801* - Microsoft Windows NTLM Elevation Of Privilege Vulnerability (CVE-2019-1040) 1001839* - Restrict
* indicates a new version of an existing rule Deep Packet Inspection Rules: DCERPC Services - Client 1009586 - Microsoft Internet Explorer DLL Loading Arbitrary Code Execution Vulnerability Over
* indicates a new version of an existing rule Deep Packet Inspection Rules: Mail Server Common 1010145* - OpenBSD OpenSMTPD Remote Command Execution Vulnerability (CVE-2020-7247) Oracle E-Business
* indicates a new version of an existing rule Deep Packet Inspection Rules: Apache JServ Protocol 1010184 - Identified Apache JServ Protocol (AJP) Traffic Oracle E-Business Suite Web Interface
* indicates a new version of an existing rule Deep Packet Inspection Rules: Advanced Message Queuing Protocol (AMQP) 1011585* - SolarWinds Network Performance Monitor Insecure Deserialization
* indicates a new version of an existing rule Deep Packet Inspection Rules: NFS Server 1011740* - Microsoft Windows Network File System Remote Code Execution Vulnerability (CVE-2023-24941) Unix Samba
* indicates a new version of an existing rule Deep Packet Inspection Rules: Oracle E-Business Suite Web Interface 1011516 - Oracle E-Business Suite Unauthorized Access Vulnerability (CVE-2022-21500)
* indicates a new version of an existing rule Deep Packet Inspection Rules: Microsoft Office 1011506 - Microsoft Excel Memory Corruption Vulnerability (CVE-2008-0114) 1011507 - Microsoft Excel Memory