Search
Keyword: URL
or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected
Server and URL to send and receive information: {random numbers}.ns7.{BLOCKED}ervice.com/updates.rss {random numbers}.ns8.{BLOCKED}ervice.com/pixel.gif {random numbers}.ns9.{BLOCKED}ervice.com/dot.gif It
Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}.{BLOCKED}.89.4/good/good.exe It takes advantage of the
Server 2012.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: viz
the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}utplanet.com/ty43ff333.exe It saves the files it downloads using the following names: %User Temp%
following URL to verify the key: https://jokebeatzz.l{BLOCKED}ty.de/kws.txt As of this writing, the current key is "cracked:cracked" Trojan.Win32.Diztakun.bckd (Kaspersky); Ransom.HiddenTear (Symantec);
or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected
Trojan downloads the file from the following URL and renames the file when stored in the affected system: https://{BLOCKED}n.co.uk/wp-content/uploads/2012/09/banner.exe It saves the files it downloads
Delete, Creation Time) Retrieve Volume/Drive Information Visit URL / Download File Delay (10s) It connects to the following websites to send and receive information: http://{BLOCKED}sean.{BLOCKED}p.net/
and receive commands from a remote malicious user: {BLOCKED}.{BLOCKED}.238.178:443/search?hl={random} NOTES: It sends the following information to the URL upon connection: OS Version Volume Information
exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components.
exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its
" Other Details This Trojan connects to the following possibly malicious URL: {random domain name}.xyz {helplinks URL of installed program} However, as of this writing, the said sites are inaccessible.
the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}cro.com.br/m8isda It saves the files it downloads using the following names: %User Temp%
remote user or malware/grayware to download files: Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2014-0556) It downloads a possibly malicious file from a certain URL. The URL where this
browser, it will connect to the URL mentioned above and will display a download window where the user can set the path and filename of the downloaded file manually. NOTES: This malware displays the following
following URL to download its payload: http://{BLOCKED}.{BLOCKED}.195.33/assailant.{architecture} where {architecture} is any of the following" Mips Mps1 Sh4 X86 Arm6 I686 Ppc I586 M68k Sparc Arm4 Arm5 Arm7
ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability 1011012* - Zoho ManageEngine Applications Manager URL Monitor SQL Injection Vulnerability Integrity Monitoring Rules: There are no new
downloads and runs its payload Query Download Data Init_agent.plist calls agent.sh every hour The url that agent.sh downloads is dependent from another downloaded file from https://mobiletraits.s3.{BLOCKED
the following URL to gather IP address and geolocation of the machine. https://{BLOCKED}o.io Trojan-Downloader.PowerShell.Agent (IKARUS) Downloaded from the Internet, Dropped by other malware Connects