Keyword: bec_suspicious.ers
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This is a Trend Micro heuristic detection for suspicious Portable Document files (PDF) that contain Font Object with suspicious reference. If your Trend Micro product detects a file under this
Description Name: File analyzed by Virtual Analyzer. This is the Trend Micro identification for suspicious files configured by File Submission Rules. Virtual Analyzer assesses the file as a risk.
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
First Pattern Version IDF First Pattern Release Version MS11-015 CVE-2011-0032 1004373 - Identified Microsoft DLL File Over Network Share 10-028 August 25, 2010 1004566 - Identified Suspicious Microsoft
CVE-2013-0006 1005323 Identified Suspicious Download of XML File Over HTTP 08-Jan-13 YES CVE-2013-0007 1005322 Microsoft Internet Explorer MSXML XSLT Vulnerability (CVE-2013-0007) 08-Jan-13 YES MS13-003
Vulnerability ID Rule Number & Title IDF First Pattern Version IDF First Pattern Release Version CVE-2011-3402 1004858 - Identified Suspicious Microsoft Office Files With Embedded Dexter Font 11-033 Nov 23, 2011
Description Name: Remote shell - Variant 1. This is Trend Micro detection for packets passing through any network protocols that can be used as Lateral Movement. This also indicates a malware infection. Below are some indicators of an infected host:...
Description Name: Shell command - HTTP (Request). This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Point of Entry or Lateral Movement. This also indicates a malware infection. Below are some indica...
Description Name: Bitcoin Mining TCP Request. This is Trend Micro detection for packets passing through TCP network protocols that can be used as N/A. This also indicates a malware infection. Below are some indicators of an infected host: Excessive s...
Description Name: POWERDNS - DNS (Response). This is Trend Micro detection for packets passing through DNS network protocols that can be used as N/A. This also indicates a malware infection. Below are some indicators of an infected host: Excessive sp...
Description Name: BINBASH Download - HTTP (Response). This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Point of Entry. This also indicates a malware infection. Below are some indicators of an infec...
Description Name: Possible CVE-2018-8413 Windows Theme API RCE Download - HTTP (Response). This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement. The host exhi...
Description Name: CreateService - SMB (Request).
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
This is the Trend Micro heuristic detection for suspicious files that manifest similar behavior and characteristics as the following malware: WORM_AUTORUN, OTORUN. Since these files commonly arrive and
Heuristic Detection This is the Trend Micro heuristic detection for suspicious files that manifest similar behavior and characteristics as the following malware: ELF_XORDDOS. If your Trend Micro
Microsoft enables scripts that are embedded in an HTML document or in a Windows Scripting Host file to access COM+ objects. An attacker can create COM+ objects in script code stored in an Extensible