Search
Keyword: URL
Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software
download_a3x ← download and execute autoit script msgbox ← display msgbox url ← visit url cmd ← execute command shell GoTorat ← execute RAT commands If the backdoor command contains "GoTorat", it may perform the
Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Search Return = "64" HKEY_CURRENT_USER\Software\Microsoft
Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Search Return = "64" HKEY_CURRENT_USER\Software\Microsoft
\SYSTEM\ControlSet001\ Services\BITS URL = "%System Root%\Inetpub\wwwroot\1.txt" Other Details This Trojan connects to the following possibly malicious URL: (Note: %System Root% is the root folder, which is
information-stealing capability. NOTES: This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware connects to depends on the parameter kakat passed onto it by its components. It does
possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: STCU aCPtgv LVyfSEPSw Other Details
{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s)
{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s)
is downloaded when a vulnerable system connects to the URL where this Trojan is hosted. Exploit:Java/CVE-2013-1493 (Microsoft), a variant of Java/Exploit.CVE-2013-1493.BE trojan (ESET) Downloads files,
{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s)
users agree to buy the software, it connects to the following URL to continue the purchase: http://{BLOCKED}ownloadgroup.com/405.php?id=92.1 http://{BLOCKED}ersecurityauto.com/buynow.php?bid=92.1
possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: RluWYitWd OsYSu JsSesgKUF Other Details
{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s)
from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: val prime Information Theft This Trojan does not have any
As a result, malicious routines of the downloaded files are exhibited on the affected system. As of this writing, the said sites are inaccessible. NOTES: It connects to the following URL to inform a
randomly-generated URL as follows: http://{10 random characters}.com/index.html?{random} http://{10 random characters}.net/index.html?{random} http://{10 random characters}.org/index.html?{random} http://{10 random
then connects to a deceiving URL purportedly related to Trend Micro and Skype. To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. This malware
executed to relate the abovementioned __EventConsumer to the __EventFilter . The malicious script connects to the following URL to notify a remote user of an infection, download other files, and receive
executed to relate the abovementioned __EventConsumer to the __EventFilter . The malicious script connects to the following URL to notify a remote user of an infection, download other files, and receive