Keyword: URL
43763 Total Search | Showing Results: 1841 - 1860
Description Name: Callback to URL in Apex Central or Deep Discovery Director User-Defined Suspicious Objects list. This is Trend Micro detection for packets passing through any network protocols that can be used as Command and Control Communication....
bi-directional named pipe: status_34545 status_32212 status_1db0 status_89ca It connects to the following URL to get and execute arbitrary commands: {BLOCKED}.{BLOCKED}.195.203:443/ql8G It does not exploit any
}i.space/ml/tby/pd/log.php Other Details This Trojan does the following: It disguises itself as a login page to download a document: After sending the user credentials, the webpage will be redirected to the following URL
}c.org/@943/@43/cart.php Other Details This Trojan does the following: It connects to the following URL for the icon used by the webpage: https://{BLOCKED}lox.com.au/appsuite/v=7.8.0-6.{BLOCKED
}o.com/97fa22398eecc10061faa658e528684a.png https://{BLOCKED}o.com/429548e6cd1f7f512c1dcbd0003caaeb.png It redirects the webpage to the following URL after sending the user credentials: https://www.onedrive.com It does not exploit any
}n54t14.ru/viewdocument/next.php Other Details This Trojan does the following: It disguises itself as a login page to access a document: After sending the user credentials, the webpage will be redirected to the domain URL of the
information-stealing capability. Other Details This Trojan does the following: It connects to the following URL to load a malicious template file: https://{BLOCKED}ll.top/orb.doc It takes advantage of the following
}jk.pantheonsite.io/MN/key.php Other Details This Trojan does the following: It disguises itself as a login page to access a voice mail. It connects to the following URL for images displayed inside the webpage: https://{BLOCKED
the following: It displays the following to lure the user and open a malicious link on their web browser: It opens the following malicious URL on the user's browser: https://{BLOCKED
}arefit.com/jp/nxt.php Other Details This Trojan does the following: It connects to the following URL for the icon used by the webpage: https://{BLOCKED}refit.com/favicon.ico https://{BLOCKED}earbit.com/hitp.ac.jp It
Description Name: EVILPROXY - HTTP (Response). This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Data Exfiltration. This also indicates a malware infection. Below are some indicators of an infected ...
The QR code opens the following URL on a web browser: https://{BLOCKED}8hwfj.sbs/ However, as of this writing, the said site is inaccessible resulting to its requested information from the victim to be
user: ping - use to check the status of the victim CloseServer - terminates the application RestartServer - Restart the application sendfile - send file and execute download - download file from URL and
{BLOCKED}.com/a.jsp -> downloads and executes a script which contains a powershell command indicating the download URL for the payload http://{BLOCKED}.{BLOCKED}x.com/a.jsp -> downloads and executes a script
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ mipony URL Protocol = {NULL} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ mipony\DefaultIcon {NULL} = C:\Program Files\MiPony\MiPony.exe HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ mipony\shell
sends the gathered information via HTTP POST to a certain URL. It sends a text message containing the IMEI and the device model to a randomly chosen number. It connects to a certain URL to download
following URL and renames the file when stored in the affected system: http://{BLOCKED}idata.com/eng/test/jp1.php?m={random}&os={os version}&ie={ie version} http://{BLOCKED}.{BLOCKED}.35.58/531.gif It saves
download Tor and connect to the given URL to retrieve the private key for decryption Other Details This Trojan encrypts files with the following extensions: pwm kwm safe groups txt cer crt der pem doc docm
receive information: xmr.{BLOCKED}-pool.fr:3333 It does the following: It accepts the following parameters: -K, --keep-gantle Reverse some processors for host' processing -o, --url=URL == URL of mining
\Templates\{6 Random Numbers}.exe If the “First method” did not work properly, the malware will proceed with the “Second method”, by also connecting to the same URL mentioned above to download the intended