Published Jul 31, 2018|Updated Aug 01, 2018


Severe |Detected with Windows Defender Antivirus

Aliases: No associated aliases


Windows Defender Antivirus detects and removes this threat.

This backdoor connects to a remote server to retrieve and execute commands.

We have observed this backdoor being downloaded from hxxp://iqhost[.]us:99/a[.]zip.

When run, it connects to the server hxxps://iqhost[.]us:3389/. It then waits for and executes commands, including but not limited to:

  • Download and run files
  • Run cmd.exe to execute shell commands
  • Stop process


Latest news