Keyword: URL
downloads and runs its payload Query Download Data Init_agent.plist calls agent.sh every hour The URL that agent.sh downloads depends on another downloaded file from https://mobiletraits.s3.{BLOCKED
the following URL to gather IP address and geolocation of the machine. https://{BLOCKED}o.io Trojan-Downloader.PowerShell.Agent (IKARUS) Downloaded from the Internet, Dropped by other malware Connects
Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software
Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Search Return = "64" HKEY_CURRENT_USER\Software\Microsoft
download_a3x ← download and execute autoit script msgbox ← display msgbox url ← visit url cmd ← execute command shell GoTorat ← execute RAT commands If the backdoor command contains "GoTorat", it may perform the
information-stealing capability. NOTES: This Trojan downloads a possibly malicious file from a certain URL. The URL this malware connects to depends on the parameter kakat passed on to it by its components. It does
{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s)
possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: STCU aCPtgv LVyfSEPSw Other Details
possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: RluWYitWd OsYSu JsSesgKUF Other Details
users agree to buy the software, it connects to the following URL to continue the purchase: http://{BLOCKED}ownloadgroup.com/405.php?id=92.1 http://{BLOCKED}ersecurityauto.com/buynow.php?bid=92.1
is downloaded when a vulnerable system connects to the URL where this Trojan is hosted. Exploit:Java/CVE-2013-1493 (Microsoft), a variant of Java/Exploit.CVE-2013-1493.BE trojan (ESET) Downloads files,
then connects to a deceiving URL purportedly related to Trend Micro and Skype. To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. This malware
\Software\Microsoft\ Internet Explorer\Main TabProcGrowth = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\URL SystemMgr = "Del" Other Details This worm connects to the following possibly
commands. It connects to a URL to send and receive commands from a remote malicious user. Based on its code, it is capable of opening a remote shell, logging keystrokes, creating screen captures, browsing and
body. Aside from this, it also intercepts SMS messages and sends them via SMS or HTTP. If it sends by HTTP, it appends the following to the URL where it sends the intercepted SMS messages: ?sender={sender
As a result, malicious routines of the downloaded files are exhibited on the affected system. As of this writing, the said sites are inaccessible. NOTES: It connects to the following URL to inform a