Search
Keyword: bkdr_back.b
}.exe → if run without admin privileges where {string1} and {string2} can be any of the following strings: langs buffer user spooler tlb back rus browser org flg psec cyan err chapp dmi join started cat
}.exe → if run without admin privileges where {string1} and {string2} can be any of the following strings: langs buffer user spooler tlb back rus browser org flg psec cyan err chapp dmi join started cat
acquire json rtm walk ban It does the following: It deletes the outdated copy of itself having the following strings on its filename: langs buffer user spooler tlb back rus browser org flg psec cyan err
This Adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does not
functionalities: Port Binding Connect Back Load and Exploit It shows the following string to indicate that the website has been hacked: Hacked by D7net It requires being hosted on a web server in order to proceed
caarcupdatesvc vmwp back xchange ackup acronis enterprise acrsch antivirus bedbg dcagent epsecurity epupdate eraser esgshkernel fa_scheduler iisadmin imap4 mbam endpoint afee mcshield task mfemms mfevtp mms msdts
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It is capable of encrypting files in the affected
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
Other Details This Backdoor does the following: Run itself as a daemon It sends the output of the executed command back to the C&C Server It checks for the current time and day if it matches it's config,
sqlite3 sqlitedb mdf mdb adb db db3 dbf dbs udb dbv dbx edb exb 1cd fdb idb mpd myd odb xls xlsx doc docx bac bak back zip rar dt It avoids encrypting files with the following strings in their file name:
system information Start pipe communication Echo back given input Exit process Get disk information Manage file (query, read, write, delete, copy, rename, move) Create directory Get expanded environment
interface (defaults the environment variable HOST and falls back to 0.0.0.0). --port, -p, Defines the HTTP listening port (defaults to the environment variable PORT and fallsback to port 8080). --key, An
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops files as ransom note. Arrival Details This
backupexecrpcservice acrsch2svc acronisagent casad2dwebsvc caarcupdatesvc vmwp back xchange ackup acronis enterprise acrsch antivirus bedbg dcagent epsecurity epupdate eraser esgshkernel fa_scheduler iisadmin imap4 mbam
This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does
backupexecagentbrowser backupexecdivecimediaservice backupexecjobengine backupexecmanagementservice backupexecrpcservice acrsch2svc acronisagent casad2dwebsvc caarcupdatesvc vmwp back xchange ackup acronis enterprise
command, output of the command is then sent back to the server. It connects to the following URL(s) to send and receive commands from a remote malicious user: {BLOCKED}.{BLOCKED}.{BLOCKED}.8 Ports 54763
the said sites are inacessible. Conduct brute force attack on FTP, MySQL, and PostgreSQL servers Conduct back connection for PERL and PHP threads (requires IP address and port number) It displays the