Search
Keyword: URL
following malware: TROJ_CHALCOL.A Backdoor Routine This backdoor executes the following commands from a remote malicious user: Download files Execute files Get URL to download Perform remote shell Remove
remote site to dowload a file. However, the URL where the malware will connect is not in the malware body. Connects to URLs/IPs, Downloads files, Drops files
randomly-generated URL as follows: http://{10 random characters}.com/index.html?{random} http://{10 random characters}.net/index.html?{random} http://{10 random characters}.org/index.html?{random} http://{10 random
executed to relate the abovementioned __EventConsumer to the __EventFilter . The malicious script connects to the following URL to notify a remote user of an infection, download other files, and receive
executed to relate the abovementioned __EventConsumer to the __EventFilter . The malicious script connects to the following URL to notify a remote user of an infection, download other files, and receive
randomly-generated URL as follows: http://{10 random characters}.com/index.html?{random} http://{10 random characters}.net/index.html?{random} http://{10 random characters}.org/index.html?{random} http://{10 random
hosted. It decodes the downloaded file and saves it locally as follows: %User Temp%\{Random File Name}.exe The URL where this malware is hosted is not specified in the malware code. It does not have rootkit
file. It starts a background thread to download a configuration file from Dropbox . Contents of the downloaded configuration file point to URL where another malicious .APK file is downloaded: It then
UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0;Windows NT 5.1;NET CLR 2.0.3.5) Cookie: {random value}{Computer Name} When the Trojan downloads a file from the malicious URL to the user's system,
possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: ldcrlio t tt Other Details This Trojan
malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: tt t lcdrlio Exploit:Java/CVE-2012-0507
software vulnerabilities to download possibly malicious files: Oracle Java SE Remote Java Runtime Environment Vulnerability (CVE-2012-0507) It downloads a possibly malicious file from a certain URL. The URL
URL to mine cryptocurrency: https://cdn.{BLOCKED}erpool.tk/webmr-x7.js Connects to the following URL: https://{BLOCKED}ystem1.space/php3/doms1.php -Link to be send to friends http://{BLOCKED
connects to the following malicious URL to create and send encryption keys: http://{BLOCKED}vv2z7lassu.onion.link/ed2/createkeys.php http://{BLOCKED}vv2z7lassu.onion.link/ed2/savekey.php
malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
the following names: /tmp/{7 Random Filename 1} /tmp/seasame Other Details This Trojan does the following: It downloads from the following URL depending on system processor: {BLOCKED}.{BLOCKED
URL: {helplinks URL of installed program} http://{BLOCKED}3.com/default.aspx http://{BLOCKED}.{BLOCKED}.57.38/ However, as of this writing, the said sites are inaccessible.
from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: val prime Information Theft This Trojan does not have any
malicious sites. Other Details This Ransomware does the following: It accesses the following URL and download a non-malicious file:
Upon opening the document, shows the following user prompt: NOTES: The malware contains an embedded object which contains the malicious URL: The malware is capable of connecting to the malicious URL upon