Keyword: js_nindya.a
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. Arrival Details This Trojan arrives as an attachment to email messages spammed by other
{hex}" Backdoor Routine This backdoor connects to the following URL(s) to send and receive commands from a remote malicious user: http://{BLOCKED}meand.com/sl/gate.php http://{BLOCKED
This Trojan may be downloaded by other malware/grayware/spyware from remote sites. It does not have any propagation routine. It does not have any backdoor routine. It modifies the Internet Explorer
This Trojan may be downloaded by other malware/grayware from remote sites. It executes then deletes itself afterward. It is capable of encrypting files in the affected system. Arrival Details This
product detects a file under this detection name, do not execute the file.
This Trojan connects to the following URL(s) to send and receive commands from a remote malicious user: http://{BLOCKED}.{BLOCKED}.8.183 http://{BLOCKED}.{BLOCKED}.118.173 http://{BLOCKED}.{BLOCKED
malware/grayware or malicious users. Installation This Trojan drops and executes the following files: %User Temp%\file.js Upon executing this file, it will try to download a file and saves it using the following
* indicates a new version of an existing rule Deep Packet Inspection Rules: DCERPC Services 1009801* - Microsoft Windows NTLM Elevation Of Privilege Vulnerability (CVE-2019-1040) 1001839* - Restrict
* indicates a new version of an existing rule Deep Packet Inspection Rules: DCERPC Services - Client 1009586 - Microsoft Internet Explorer DLL Loading Arbitrary Code Execution Vulnerability Over
* indicates a new version of an existing rule Deep Packet Inspection Rules: Mail Server Common 1010145* - OpenBSD OpenSMTPD Remote Command Execution Vulnerability (CVE-2020-7247) Oracle E-Business
* indicates a new version of an existing rule Deep Packet Inspection Rules: Apache JServ Protocol 1010184 - Identified Apache JServ Protocol (AJP) Traffic Oracle E-Business Suite Web Interface
* indicates a new version of an existing rule Deep Packet Inspection Rules: Advanced Message Queuing Protocol (AMQP) 1011585* - SolarWinds Network Performance Monitor Insecure Deserialization
* indicates a new version of an existing rule Deep Packet Inspection Rules: NFS Server 1011740* - Microsoft Windows Network File System Remote Code Execution Vulnerability (CVE-2023-24941) Unix Samba
* indicates a new version of an existing rule Deep Packet Inspection Rules: Oracle E-Business Suite Web Interface 1011516 - Oracle E-Business Suite Unauthorized Access Vulnerability (CVE-2022-21500)
* indicates a new version of an existing rule Deep Packet Inspection Rules: Microsoft Office 1011506 - Microsoft Excel Memory Corruption Vulnerability (CVE-2008-0114) 1011507 - Microsoft Excel Memory
* indicates a new version of an existing rule Deep Packet Inspection Rules: Atlassian Bitbucket 1011540* - Atlassian Bitbucket Server and Data Center Remote Command Execution Vulnerability
This Ransomware drops files as ransom note. Installation This Ransomware drops the following copies of itself into the affected system: %System32%\{Malware Filename}.exe %User Startup%\{Malware
* indicates a new version of an existing rule Deep Packet Inspection Rules: DCERPC Services 1011037* - Identified Remote System Discovery Over SMB - 1 (ATT&CK T1018) 1011027* - Identified Session