Search
Keyword: URL
arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS." Apply associated Trend Micro DPI Rules. 1000552|
Based on our investigation, one of the methods that attackers used to lead users into downloading RCSAndroid is to send a specially crafted URL to the recipients/users via SMS or email.
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2)
parameter to write.php to reference a URL on a remote web server that contains the code. Apply associated Trend Micro DPI Rules. 1000552|
purports as an eFax notification mail. Users are encouraged to view the fax message by clicking a link. Once clicked, the URL goes to a legitimate Dropbox site which downloads a .ZIP file, containing a
strings as part of the URL 2012 adi afp aic ap avi bank blogs book brand build car child com contact css dv events faq flash global go gov gr groups ho home house hp id identity images img java js lib list
on startup. It is capable of logging the user activities on the affected system. It also has a function that is capable of connecting to a URL via HTTP POST. This Trojan arrives as a file that exports
}myhouse.us/test/chkver.php - connects to this URL to check for a newer version of itself http://{BLOCKED}myhouse.us/test/chkpage.php - connects to this URL to download an updated copy of itself or another malware Download
The reply from the said website contains a URL where a file can be downloaded: http://{BLOCKED}.{BLOCKED}.48.46/upfire.exe It then parses the reply to get the URL and downloads the file from the said
connects to the following website to send and receive information: {BLOCKED}.{BLOCKED}.23.108:587 Note: The ransomware will not connect to this URL if the component file is not found. Note: The ransomware
capable of downloading different modules from the C&C Server. If it fails to connect to the initial URL, it then proceeds to connect to the following backup URL for the second payload: http://{BLOCKED
The malware may be hosted in a compromised or malicious website. It requires the arguments found in the website's URL in order to proceed with its intended routine. This Exploit arrives on a system
can force the system to connect to a user-specified URL or open a user-specified TCP port on a system and waits for commands from a remote user. It allows a remote user to remotely execute shell code on
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. This file contains a URL where it connects to possibly
malware/grayware or malicious users. Download Routine This Trojan saves the files it downloads using the following names: %User Temp%\CCc6zYCuO -> if URL is inaccessible %User Temp%\CCc6zYCuO.exe -> if URL is
malware/grayware or malicious users. Download Routine This Trojan saves the files it downloads using the following names: %User Temp%\9DRdH24QxK4 -> if URL is inaccessible %User Temp%\9DRdH24QxK4.exe -> if URL is
requires the following parameters of the handled requests: Content-Type header is set to text/html The relative URL of the request contains one of the following substrings: index.php User-Agent header
EXPLORER.EXE , it accesses the URL http://www.{BLOCKED}s.kr/xx/d.exe to get information where to download an updated copy of itself. It then downloads the file from the returned URL and saves it as %User Temp%\
to send and receive commands from a remote malicious user: {C&C domain name}/{8 random characters}{hard-coded string} NOTES: This backdoor may use proxy connections by connecting to the URL {Proxy
to send and receive commands from a remote malicious user: {C&C domain name}/{8 random characters}{hard-coded string} NOTES: This backdoor may use proxy connections by connecting to the URL {Proxy