Search
Keyword: IRC_Generic
\ Windows\CurrentVersion\Run Wincpa = "{Malware Path and Filename}.exe" Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}9.{BLOCKED}9.249.189 It joins any of the
\ Windows\CurrentVersion\Run Wincpa or Windongs = "{Malware Path and File Name}" Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.249.189:443 epic.{BLOCKED
Description Name: IRCBOT IRC Connection - Class 3 . This is Trend Micro detection for packets passing through IRC network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some indicat...
Description Name: IRCBOT - Nickname - IRC - Variant 3 . This is Trend Micro detection for packets passing through IRC network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some ind...
Description Name: IRCBOT - IRC . This is Trend Micro detection for packets passing through IRC network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some indicators of an infected ...
Description Name: BOTNICK IRC Request - Class 1 . This is Trend Micro detection for packets passing through IRC network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some indicator...
Description Name: BASSBOT IRC Connection . This is Trend Micro detection for packets passing through IRC network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some indicators of an...
Description Name: IRCBOT - IRC (Request) . This is Trend Micro detection for packets passing through IRC network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some indicators of an...
Description Name: VBINJECT - IRC . This is Trend Micro detection for packets passing through IRC network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some indicators of an infecte...
following Internet Relay Chat (IRC) channels: #muh{BLOCKED} It executes the following commands from a remote malicious user: SH - execute shell command IRC - send arbitrary irc command to server HELP - send
Backdoor Routine This Backdoor connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.18.114 {BLOCKED}.{BLOCKED}.18.119 {BLOCKED}.{BLOCKED}.18.121 {BLOCKED}.{BLOCKED}.220.124 {BLOCKED}.{BLOCKED
does not infect files with certain characteristics. It also searches for target script files for iframe infection. Infected script files are detected as HTML_IFRAME.SMV. It connects to certain IRC
and Logout of the Bot Terminate Bot Restart the bot Send an email DNS lookup Download a file Execute a command Get system information Execute php code TCP and UDP flood attack IRC Command Change
Chat (IRC) server where it receives the following commands from a remote malicious user: Download and execute arbitrary files Join other IRC channel Uninstall itself Download Routine This worm saves the
Description Name: SHELLBOT - IRC (Request) . This is Trend Micro detection for packets passing through IRC network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some indicators of ...
Description Name: BUZUS - IRC (Nickname) - Variant 2 . This is Trend Micro detection for packets passing through IRC network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual behavio...
This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan Spy arrives on a system
any of the following Internet Relay Chat (IRC) servers: {BLOCKED}.{BLOCKED}.105.87 1337hub.{BLOCKED}me.net It joins any of the following IRC channel(s): #.# It accesses a remote Internet Relay Chat (IRC
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Backdoor Routine This Backdoor connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED
Description Name: DORKBOT IRC Request - Class 1 . This is Trend Micro detection for packets passing through IRC network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some indicator...