Search
Keyword: URL
following URL to verify the key: https://jokebeatzz.l{BLOCKED}ty.de/kws.txt As of this writing, the current key is "cracked:cracked" Trojan.Win32.Diztakun.bckd (Kaspersky); Ransom.HiddenTear (Symantec);
\Windows.) It adds the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\BITS URL = "http://{BLOCKED}.197.146:12345/1.txt" Dropping Routine This Trojan drops the following files:
\ Windows\CurrentVersion\URL SystemMgr = "Del" Other Details This spyware connects to the following possibly malicious URL: http://www.{BLOCKED}r.com/3/m.rar This report is generated via an automated analysis
Server and URL to send and receive information: {random numbers}.ns7.{BLOCKED}ervice.com/updates.rss {random numbers}.ns8.{BLOCKED}ervice.com/pixel.gif {random numbers}.ns9.{BLOCKED}ervice.com/dot.gif It
Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}.{BLOCKED}.89.4/good/good.exe It takes advantage of the
2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file
Trojan downloads the file from the following URL and renames the file when stored in the affected system: https://{BLOCKED}n.co.uk/wp-content/uploads/2012/09/banner.exe It saves the files it downloads
the following URL(s) to send and receive commands from a remote malicious user: {BLOCKED}.{BLOCKED}.252.125:5555 NOTES: The URL it accesses is a private IP address. Therefore, its C&C server is a host
\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA} URL = "http://www.{BLOCKED}e.cn/search?q={searchTerms}" It modifies the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer
exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components.
and receive commands from a remote malicious user: {BLOCKED}.{BLOCKED}.238.178:443/search?hl={random} NOTES: It sends the following information to the URL upon connection: OS Version Volume Information
Delete, Creation Time) Retrieve Volume/Drive Information Visit URL / Download File Delay (10s) It connects to the following websites to send and receive information: http://{BLOCKED}sean.{BLOCKED}p.net/
the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}utplanet.com/ty43ff333.exe It saves the files it downloads using the following names: %User Temp%
Server 2012.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: viz
the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}cro.com.br/m8isda It saves the files it downloads using the following names: %User Temp%
remote user or malware/grayware to download files: Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2014-0556) It downloads a possibly malicious file from a certain URL. The URL where this
" Other Details This Trojan connects to the following possibly malicious URL: {random domain name}.xyz {helplinks URL of installed program} However, as of this writing, the said sites are inaccessible.
" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\URL SystemMgr = "Del" Other Details This Trojan deletes itself after execution. This report is generated via an automated analysis system.
following URL to download its payload: http://{BLOCKED}.{BLOCKED}.195.33/assailant.{architecture} where {architecture} is any of the following" Mips Mps1 Sh4 X86 Arm6 I686 Ppc I586 M68k Sparc Arm4 Arm5 Arm7
ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability 1011012* - Zoho ManageEngine Applications Manager URL Monitor SQL Injection Vulnerability Integrity Monitoring Rules: There are no new