Search
Keyword: URL
certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: val prime Other Details This Trojan executes the downloaded file
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames
to affected computer Delete file/s from affected computer Rename file/s from affected computer Create new directory Search a file from affected computer Download file from url Download file from local
user’s browser tab and downloads content from a Twitter user’s profile. The cybercriminals use the affected Twitter user’s profile content to hide the malicious URL that the plugin connects to. Once
does not have any information-stealing capability. Other Details This Coinminer accepts the following parameters: -a, --algo=ALGO cryptonight (default) or cryptonight-lite -o, --url=URL URL of mining
lower-left will access the following URL (Agreement Page):
http://{BLOCKED}stant.net/agreement.html By default, it will install multiple applications. However, the user can select which applications to install
/usr/bin/.sshd /usr/bin/bsd-port/getty Process that uses the following URL and Ports: {BLOCKED}.{BLOCKED}.{BLOCKED}.86:443 {BLOCKED}.{BLOCKED}.{BLOCKED}.238 {BLOCKED}.{BLOCKED}.{BLOCKED}2.87 :3333 :4444 :5555
C:\ on all Windows operating system versions.) Download Routine This Trojan connects to the following URL(s) to download its component file(s): http://{BLOCKED}f.biz/ask.txt - updated URL list http://
XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.) Download Routine This Ransomware downloads the file from the following URL and renames the file when stored in the affected system:
will work abnormally slow. accepts the following parameters: -a, --algo=ALGO cryptonight (default) or cryptonightite -o, --url=URL URL of mining server -O, --userpass=U:P username:password pair for
accepts the following parameters: -a, --algo=ALGO → cryptonight (default) or cryptonight-lite -o, --url=URL → URL of mining server -O, --userpass=U:P → username:password pair for mining server -u, --user
by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}.{BLOCKED
\CurrentControlSet\ services\BITS Type = "272" (Note: The default value data of the said registry entry is "32" .) Download Routine This spyware downloads the file from the following URL and renames the file when
the following additional components to properly run: {malware path}\iusb3mon.dat -> also detected as TROJ_CIVIRDAT.D NOTES: The downloaded configuration file contains the following information: URL of
infinite sleep command to avoid unloading of memory of process to dump. It sleeps for 21,000 seconds when AvastSvc.exe is running. It needs another plugin/component gforce_dll for its URL spoofing done on
addresses with the following URL path: /file.htm /online.htm /start.htm /install_login.htm /setup.htm /welcome.htm /search.htm /home.htm /default.htm /index.htm Backdoor:Win32/Kelihos.F (Microsoft)
\System32.) Download Routine This spyware downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}idata.com/eng/test/jp1.php?m={random}&os={os version
p12 tax It does the following: It connects to the following URL to report the affected system's information: http://{BLOCKED}plin.net/wordpress/wp-includes/oops.php?id=2886098&cname={computer name}&arch
{data/code}" Download/Execute Arbitrary Plugins Uninstall itself Drops and executes the following: %User Temp%\xxm{random}.bat Change the Interval of activity time Change the C&C URL accessed Download and
{data/code}" Download/Execute Arbitrary Plugins Uninstall itself Drops and executes the following: %User Temp%\xxm{random}.bat Change the Interval of activity time Change the C&C URL accessed Download and