Search
Keyword: JS_EXPLOIT
its servers: It reports infection status and unique ID to {BLOCKED}.{BLOCKED}.82.19:443 NOTES: It does not have rootkit capabilities. It does not exploit any vulnerability.
following means: delivered by exploit kits Installation This Trojan drops the following component file(s): For Windows XP and below: %User Startup%\!{unique ID}{random character 1}.lnk - component that
This Trojan may be hosted on a website and run when a user accesses the said website. It is a component of other malware. Once a compromised site is visited, the user is redirected to a certain
servers: Operating System version OS Architecture (if 64 bit version) Service Pack System Language Victim ID NOTES: It does not have rootkit capabilities. It does not exploit any vulnerability.
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. This malware arrives via the following means: delivered by exploit kits Installation This Trojan
following means: delivered by exploit kits Installation This Trojan drops the following component file(s): {malware path}\explorer.exe - legitimate rundll32.exe %User Startup%\!{unique ID}{random character 1
itself after execution. NOTES: It does not have rootkit capabilities. It does not exploit any vulnerability. It performs a man-in-the-browser attack, in which codes are injected into the browser in order
rootkit capabilities. It does not exploit any vulnerability. Trojan:Win32/Xabil.A (Microsoft) Downloaded from the Internet, Dropped by other malware, Via email Connects to URLs/IPs, Compromises system
This Trojan may be hosted on a website and run when a user accesses the said website. It requires its main component to successfully perform its intended routine. Arrival Details This Trojan may be
files OS architecture (if 64-bit) victim ID NOTES: It changes the wallpaper with the following image: It drops the following ransom note: It does not have rootkit capabilities. It does not exploit any
not exploit any vulnerability. Ransom:Win32/Locky.A (Microsoft), Trojan-Ransom.Win32.Locky.wmg (Kaspersky), Dropped by other malware, Downloaded from the Internet Encrypts files, Connects to URLs/IPs,
NOTES: It changes the wallpaper with the following image: It drops the following ransom note: It does not have rootkit capabilities. It does not exploit any vulnerability. Ransom.Locky (Malwarebytes);
does not have rootkit capabilities. It does not exploit any vulnerability. Dropped by other malware
It does not exploit any vulnerability. Worm:Win32/Dorkbot.I (Microsoft) Propagates via instant messaging applications, Downloaded from the Internet, Propagates via removable drives Steals information,
execution of its malicious routine by performing a Sleep command. It does not have rootkit capabilities. It does not exploit any vulnerability. a variant of Win32/Agent.WGN trojan(NOD32),Found Win32/DH
distributed by the Angler Exploit Kit. This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It terminates itself if it
exploit any vulnerability. Trojan-Ransom.Win32.Locky.blq (Kaspersky), Trojan:Win32/Dynamer!ac (Microsoft) Downloaded from the Internet Connects to URLs/IPs, Encrypts files, Displays message/message boxes,
), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) NOTES: It does not have rootkit capabilities. It does not exploit any vulnerability.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It requires being executed with a specific
does the following: Creates the following named pipe and connects to it: MSSE-{Random number}-server It does not exploit any vulnerability. Backdoor:Win64/CobaltStrike.NP!dha (MICROSOFT) ;