Keyword: Possible_OLGM-23
has the following capabilities: It opens a hidden instance of iexplore.exe and connects to remote sites to download and execute possible malicious file(s). Injects a malicious VBScript to HTML files.
gathers information on the affected system and sends the information to a C&C server to determine the payload to be sent to the affected system. One of the possible payloads includes DRIDEX, a
returned depends on local configuration parameters. Most likely there is a network problem that prevented delivery, but it is also possible that the computer is turned off, or does not have a mail system
Description Name: Override detection. This is the Trend Micro detection for malicious N/A network packet
Other Details: This Ransomware does the following: Contains several errors which cause the sample to not run properly. Contains a possible C&C URL: http://{BLOCKED}tronicsfbd.com/cryptkey/add.php?
Description Name: Possible KAVO - HTTP (Request). This is the Trend Micro detection for malicious N/A network packets that manifest any of the following actions: Callback. This attack is used for Command and Control Communication
This proof of concept attempts to exploit a vulnerability known as Spectre. If successful, it allows exploitation of said vulnerability in Windows systems. Exploitation of the vulnerability is
this vulnerability existed because of the way MHTML processes requests that are in MIME format. It is possible that a remote attacker can inject a client-side script code as a response to a Web request
addresses five privately and two publicly reported bugs in Internet Explorer , the most severe of which may lead to arbitrary code execution. The possible exploit scenario may include a user who views a
resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-2204).' 1004265| 1004265 - Adobe Acrobat and Reader CoolType Typography Engine
via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. NOTE: it is possible that this overlaps CVE-2008-2579 or another issue disclosed in Oracle's CPUJul2008
This vulnerability allows SYSDBA access to the Oracle database by utilising a user who has the BECOME USER system privilege, execute privileges on KUPP$PROC.CHANGE_USER and CREATE SESSION. A user
them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.
(ASLR) security feature, thus potentially opening the affected system to possible attacks leveraging vulnerabilities. Microsoft Office 2010 Service Pack 1 (32-bit editions),Microsoft Office 2010 Service
CVE-2009-1544 This elevation of privilege vulnerability in the Windows Workstation Service is due to a possible "Double Free" condition occurring in the service. Successful exploitation of this
Instant Messenger message that takes them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver
Description Name: BRANTALL - HTTP (Request). This is Trend Micro detection for packets passing through HTTP network protocol that manifests hacking tool actions that can generally crack or break systems and network security measures. Hacking tools h...
Description Name: Possible UPATRE - HTTP (Request). This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some indic...
Description Name: Possible PIPE TCP Request. This is Trend Micro detection for packets passing through TCP network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some indicators of...