Keyword: JS_EXPLOIT
Description Name: NEMUCOD - HTTP (Request) - Variant 8. This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some i...
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded
execution of its malicious routine by performing a Sleep command. It does not have rootkit capabilities. It does not exploit any vulnerability. Downloaded from the Internet Connects to URLs/IPs, Steals
This worm arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded
This malware exploits a Windows XP/Server 2003 zero-day vulnerability. This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It executes the
}s.com/version.js?appTitle=SaveSense&cb={current month integer}_{current day integer} It also affects disk cache for Mozilla when it loads the URL. It does not have rootkit capabilities. It does not exploit
It displays the following ransom note: It does not have rootkit capabilities. It does not exploit any vulnerability. Ransom:Win32/Locky.A (Microsoft), Trojan-Ransom.Win32.Locky.bol (Kaspersky),
{BLOCKED}g.net/intraf.php?kod={value}&site=www.surinamefoto.com http://www.{BLOCKED}r1.com/1.js http://www.w3.org/1999/xhtml It does not have rootkit capabilities. It does not exploit any vulnerability.
have rootkit capabilities. It does not exploit any vulnerability. Ransom.Locky (Symantec), Ransom:Win32/Locky.A (Microsoft), Trojan-Ransom.Win32.Locky.bom (Kaspersky) Downloaded from the Internet
It does not have rootkit capabilities. It does not exploit any vulnerability. Ransom:Win32/Locky (Microsoft); Ransom.Locky (Malwarebytes); Trojan-Ransom.Win32.Locky.ash (Kaspersky) Downloaded from the
exploit any vulnerability. Trojan-Ransom.Win32.Locky.blq (Kaspersky), Trojan:Win32/Dynamer!ac (Microsoft) Downloaded from the Internet Connects to URLs/IPs, Encrypts files, Displays message/message boxes,
distributed by the Angler Exploit Kit. This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It terminates itself if it
not have rootkit capabilities. It does not exploit any vulnerability. Ransom.Locky (Symantec); Ransom:Win32/Locky (Microsoft); Trojan-Ransom.Win32.Locky.bos (Kaspersky); Trojan-Ransom.Locky (Ikarus);
NOTES: The following image serves as the ransom note of the malware: It does not have rootkit capabilities. It does not exploit any vulnerability. Ransom:Win32/Locky.A (Microsoft); Troj/Locky-HO (Sophos);
following means: delivered by exploit kits Installation This Trojan drops the following component file(s): For Windows XP and below: %User Startup%\!{unique ID}{random character 1}.lnk - component that
its servers: It reports infection status and unique ID to {BLOCKED}.{BLOCKED}.82.19:443 NOTES: It does not have rootkit capabilities. It does not exploit any vulnerability.
following means: delivered by exploit kits Installation This Trojan drops the following component file(s): {malware path}\explorer.exe - legitimate rundll32.exe %User Startup%\!{unique ID}{random character 1
This is the Trend Micro detection for suspicious files that manifest the characteristics of an exploited JSON format. It is a heuristic detection for a JNLP XML file that may execute a possibly
servers: Operating System version OS Architecture (if 64 bit version) Service Pack System Language Victim ID NOTES: It does not have rootkit capabilities. It does not exploit any vulnerability.
following means: delivered by exploit kits Installation This Trojan drops the following component file(s): For Windows XP and below: %User Startup%\!{unique ID}{random character 1}.lnk - component that