Search
Keyword: URL
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames
{data/code}" Download/Execute Arbitrary Plugins Uninstall itself Drops and executes the following: %User Temp%\xxm{random}.bat Change the Interval of activity time Change the C&C URL accessed Download and
lower-left will access the following URL (Agreement Page):
http://{BLOCKED}stant.net/agreement.html By default, it will install multiple applications. However, the user can select which applications to install
user’s browser tab and downloads content from a Twitter user’s profile. The cybercriminals use the affected Twitter user’s profile content to hide the malicious URL that the plugin connects to. Once
C:\ on all Windows operating system versions.) Download Routine This Trojan connects to the following URL(s) to download its component file(s): http://{BLOCKED}f.biz/ask.txt - updated URL list http://
does not have any information-stealing capability. Other Details This Coinminer accepts the following parameters: -a, --algo=ALGO cryptonight (default) or cryptonight-lite -o, --url=URL URL of mining
to affected computer Delete file/s from affected computer Rename file/s from affected computer Create new directory Search a file from affected computer Download file from url Download file from local
will work abnormally slow. accepts the following parameters: -a, --algo=ALGO cryptonight (default) or cryptonightite -o, --url=URL URL of mining server -O, --userpass=U:P username:password pair for
accepts the following parameters: -a, --algo=ALGO → cryptonight (default) or cryptonight-lite -o, --url=URL → URL of mining server -O, --userpass=U:P → username:password pair for mining server -u, --user
XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.) Download Routine This Ransomware downloads the file from the following URL and renames the file when stored in the affected system:
by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}.{BLOCKED
/usr/bin/.sshd /usr/bin/bsd-port/getty Process that uses the following URL and Ports: {BLOCKED}.{BLOCKED}.{BLOCKED}.86:443 {BLOCKED}.{BLOCKED}.{BLOCKED}.238 {BLOCKED}.{BLOCKED}.{BLOCKED}2.87 :3333 :4444 :5555
\CurrentControlSet\ services\BITS Type = "272" (Note: The default value data of the said registry entry is "32" .) Download Routine This spyware downloads the file from the following URL and renames the file when
the following additional components to properly run: {malware path}\iusb3mon.dat -> also detected as TROJ_CIVIRDAT.D NOTES: The downloaded configuration file contains the following information: URL of
"" Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}n-foundation.ro/images/tere.exe http://{BLOCKED
"" Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}araswatiinn.com/images/tere2611.exe http://{BLOCKED
does not have any backdoor routine. It downloads a file from a certain URL then renames it before storing it in the affected system. It takes advantage of software vulnerabilities to allow a remote user
addresses with the following URL path: /file.htm /online.htm /start.htm /install_login.htm /setup.htm /welcome.htm /search.htm /home.htm /default.htm /index.htm Backdoor:Win32/Kelihos.F (Microsoft)
p12 tax It does the following: It connects to the following URL to report the affected system's information: http://{BLOCKED}plin.net/wordpress/wp-includes/oops.php?id=2886098&cname={computer name}&arch
downloads a file from a certain URL then renames it before storing it in the affected system. It executes downloaded files whose malicious routines are exhibited by the affected system. Arrival Details This