Keyword: JS_WONKA
This malware is part of the fileless botnet Novter that is delivered via the KovCoreG malvertising campaign. This Trojan arrives on a system as a file dropped by other malware or as a file downloaded
Once users access any of the monitored sites, it starts logging keystrokes. It attempts to steal information, such as user names and passwords, used when logging into certain banking or
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
This Trojan executes when a user accesses certain websites where it is hosted. This is the Trend Micro detection for Web pages that were compromised through the insertion of a certain malicious
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.