Search

This Worm executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system. Arrival Details This malware arrives via the following means:

This Worm executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system. Arrival Details This malware arrives via the following means:

Description Name: CVE-2022-41082 - MS EXCHANGE POWERSHELL RCE EXPLOIT - HTTP(REQUEST) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiti...

Description Name: CVE-2022-41040 - MS Exchange Server Side Request Forgery Exploit- HTTP(REQUEST) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry.The host exhibiting this ...

Description Name: CVE-2022-37958 - MS WINDOWS NEGOEX REQUEST - SMB2 (Exploit) . This is Trend Micro detection for SMB2 network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting this ...

* indicates a new version of an existing rule Deep Packet Inspection Rules: DCERPC Services 1009801* - Microsoft Windows NTLM Elevation Of Privilege Vulnerability (CVE-2019-1040) 1010025* - Microsoft

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Hacking Tool arrives on a

certificate file for printing. The mail contains an MS Excel file. Upon opening the attachment, it executes a macro that downloads other files. This malicious macro is blocked and detected by Trend Micro

with malware attachments in the form of a malicious MS Excel macro. Both are detected as variants of X2KM_LOCKY and X2KM_DLOADR. Spam filtering helps block these kinds of emails. Users are advised to

Trojan.JS.FLEMSDUCK.YPAD-A. Once infected with the malware, it has its own mailer script that it uses to propagate to other recipients. It does this by scraping the user's MS Outlook contact list and sends emails with the

This URL is connected to by the malware TROJ_TDSS.ANO to download and execute a malicious file.

This URL is connected to by the malware TROJ_TDSS.ANO to download and execute a malicious file.

TSPY_ZBOT.ZQC accesses this site to download its configuration file.

TSPY_ZBOT.CGA may be downloaded from this remote site.

Malware related to TSPY_ZBOT.ZBS . Stolen information is uploaded to the website.

TSPY_ZBOT.CBZ may be downloaded from this URL.

TSPY_ZBOT.CBZ accesses this URL to download its configuration file.