Search
Keyword: microsoft internet explorer
connects to the following URLs to load a malicious template file: http://{BLOCKED}.{BLOCKED}.254.18/_errorpages/lawzx.doc It takes advantage of the following vulnerabilities: CVE-2017-0199 | Microsoft
Information This Trojan sends the gathered information via HTTP POST to the following URL: https://sport{BLOCKED}.mv/phc/act.php Other Details This Trojan does the following: It disguises itself as a Microsoft
Information This Trojan sends the gathered information via HTTP POST to the following URL: https://sg.{BLOCKED}sd.cfd/login.php Other Details This Trojan does the following: It disguises itself as a Microsoft
connects to the following URLs to load a malicious template file: https://{BLOCKED}k.com/FSYjJ It takes advantage of the following vulnerabilities: CVE-2017-0199 | Microsoft Office/WordPad Remote Code
following: It disguises itself as a Microsoft login page HTML/Phishing.Outlook.I trojan (NOD32) Downloaded from the Internet, Dropped by other malware Connects to URLs/IPs, Steals information
from the Internet Encrypts files, Displays message/message boxes
Win32/Filecoder.Spora.A trojan (NOD32); W32/Filecoder_Spora.A!tr (Fortinet) Dropped by other malware, Downloaded from the Internet Encrypts files
Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run {7956D4B0-70F3-35A7-569D-1A702FC4160A}
contains common program groups for all users, which is usually C:\Documents and Settings\All Users\Start Menu\Programs on Windows 2000, XP, and Server 2003, or C:\ProgramData\Microsoft\Windows\Start Menu
Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run IEHelpService = "%User
squid.exe syssafe.exe tcpview vbox vmsrvc vmware wireshark.exe It also checks if opened windows or classes contain any of the following: CurrPorts* Microsoft Network Monitor 3.3 Process Monitor -
registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Srv32Win = {grayware path and file name}.exe Other System
Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run MSIDLL =
\Microsoft\ Windows\CurrentVersion\Run MSConfig = "%User Profile%\{random filename}.exe \u" It modifies the following registry entries to ensure it automatic execution at every system startup:
or as a file downloaded unknowingly by users when visiting malicious sites. This malware arrives via the following means: Embedded in Microsoft Word Documents Download Routine This Trojan connects to
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\adr","{malware path and filename}");; (Note: %System% is the Windows system folder, where it usually is C:\Windows\System32 on all Windows operating
Modifications This Trojan adds the following registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\ Tracing\package_RASAPI32 HKEY_LOCAL_MACHINE\Software\Microsoft\ Tracing\package_RASMANCS It adds the following
(32-bit), 2000(32-bit) and XP.) It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Bandera = %ProgramData%\rdpclient.exe Other Details This Ransomware
Config.Msi Tor browser Microsoft Google Yandex Microsoft Visual Studio 16.0 It appends the following extension to the file name of the encrypted files: .EMAIL=[{BLOCKED}nicrans@gmail.com ]ID=[{Generated ID}
registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run wwP51Ser = %User Profile%\Documents\wwP51\service\wwP51Ser.exe → Automatic Execution of required component