Search
Keyword: URL
connection: http://blogs.yahoo.co.jp/dueyamata/63952915.html http://blogs.yahoo.co.jp/katamato201308/66465798.html NOTES: This malware may connect to the following URL for plurk to return an error page with
connects to a url -x or --xor ==> encrypt/decrypt the network traffic -e or --executable ==> run executable after connected -i or --ip ==> listen ip (ignored = all ips) -p or -- port ==> listen
Trojan accesses the URL {BLOCKED}.{BLOCKED}.35.133:33136/1812us11/{Computer Name}/0/{OS Version}-{Service Pack}/0/ to send information. The following information are posted: Computer name Operating system
possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: ldcrlio t tt Other Details This Trojan
application saves the files it downloads using the following names: %User Temp%\{GUID} The file is archive containing containing files that are extracted and executed. The file downloaded varies from URL
dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored
from the following URL and renames the file when stored in the affected system: http://{BLOCKED}eblanche.fr/345/wrw.exe It saves the files it downloads using the following names: %User Temp%/treviof.exe
malware or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected
--algo=ALGO specify the algorithm to use (cryptonight,cryptonight-lite,cryptonight-heavy) -o, --url=URL URL of mining server -O, --userpass=U:P username:password pair for mining server -u, --user=USERNAME
CVE-2011-1894 A vulnerability exists in the MHTML protocol handler in Windows. An attacker must successfully lure a potential victim to open or click on a specially crafted URL in a website. Once
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames it
mpa msc msp msstyles msu mui nls nomedia ntldr ocx pf prf rom rtp scr sfile sfile2 sfile3 sfile4 sfile5 shs skeys spl sys theme themepack url Downloaded from the Internet, Dropped by other malware
Client Common 1008937 - Apache Subversion Client svn-ssh URL Command Execution Vulnerability (CVE-2017-9800) 1009092* - Foxit PDF Reader JavaScript 'XFA Clone' Remote Code Execution Vulnerability
Computer name Current process ID Operating system version and Architecture Other Details This Backdoor does the following: It connects to the following URL to download an encyrpted component loaded in its
copy of itself uninstall Uninstall itself from the system and removable drives send Downloads and executes a file from a URL specified by the C&C server. It uses the same file name with the one in the
" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Search
\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.bigfoot.com
" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.
Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software
"ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts