Keyword: usoj_phase.a
99468 Total Search   |   Showing Results : 1 - 20
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
\Microsoft\Active Setup\Installed Components\{unique bot GUID}\JavaScript The script decodes and executes a Base64-encoded PowerShell Script if the PowerShell installed in the system is version 1.0. The
This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be injected into processes running in memory.
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself.
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It executes
This malware is a new LICAT variant that uses a different key for its domain generation algorithm. To get a one-glance comprehensive view of the behavior of this File infector, refer to the Threat
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It may be injected into
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This spyware is able to generate a number of domains. It is able to connect to any of its generated domains to download possibly malicious files. To get a one-glance comprehensive view of the
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It may be injected into
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files with specific file extensions. It
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files with specific file extensions. It
downloaded by a user while visiting the following malicious websites: http://{BLOCKED}mpn123.com:81/bot.exe Installation This spyware adds the following folders: %Application Data%\{random1} %Application Data%
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It may be injected into
the malware is in a testing phase and may come with more payloads depending on the cybercriminals’ motivations. The worm’s command-and-control (C&C)/download site is also an indication that
unknowingly downloaded by a user while visiting malicious websites. It may be injected into processes running in memory. It attempts to steal sensitive online banking information, such as user names and
TRICKBOT - Malicious certificate - SSL Detection Name: HTTPS_TRICKBOT_CERTIFICATE Malware Family: TRICKBOT Related Malware: N/A NOTES: Attack Phase: Command and Control Communication Protocol: HTTPS