Search
Keyword: URL
/tmp/.rksu_sysi.lock It connects to the following URL to get the infected machine's download speed: http://ipv4.download.{BLOCKED}band.com/200MB.zip It sends the gathered information to the following URL: http://
}.{BLOCKED}.201 However as of this writing, the said URL is inaccessible. If a successful connection has been established, the C2 server should reply with the following information: Download links for
a specific file name to proceed with its intended routine. It connects to the following URL to download its component which it will load in its memory and perform its malicious routine: https://d
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
link which supposedly points to a success story article. In actual, the URL points to a rogue Finance Reports website with a screenshot of a check amounting to $8,795 highlighted as a sample to tease
JAVA_BLACOLE. This is a Java class file that is used to execute an exploit code. Once successful, it may download a possibly malicious file from a certain URL. The URL where this malware downloads the said file
Settings\Temp on Windows 2000, XP, and Server 2003.) NOTES: This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter
files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to
}ncessurplus.com/adobe/ NOTES: It checks for the installed Java version. If 1.5 It loads a jar file from the following URL and it passes parameters to it: http://{BLOCKED}ncessurplus.com/topic/accidentally-results-stay.php
Details This Trojan requires its main component to successfully perform its intended routine. NOTES: This Trojan downloads the file from the URL specified in the parameter id . It executes the downloaded
files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to
URL it accesses is a private IP address. Therefore, it intends to download the file from a host in the Local Area Network (LAN). This file may have been created for testing purposes or the said IP
HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Game\ XYDE Url = "{random values}" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\{30909876-4567-3908-4056-909834565103}\InprocServer32 ThreadingModel =
}o.{BLOCKED}l/wwo7s?fotos={email address of receiver} http://goo.gl/PVwkU?skype={email address of receiver} http://{BLOCKED}o.{BLOCKED}l/WKyb5?profil={email address of receiver} The URL leads the user
files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said
the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its
system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: exec xkey