Threat: Backdoor.Win32.BluanWeb
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware “BlueAngel For WebServer” by “leonshoh” listens on
TCP port 80. The malware provides an HTML web-interface that exposes…
Threat: Backdoor.Win32.BluanWeb
Vulnerability: Information Disclosure
Description: The malware “BlueAngel For WebServer” by “leonshoh” listens on
TCP port 80. The malware provides an HTML web-interface that exposes the
entire system…
Threat: Backdoor.Win32.BluanWeb
Vulnerability: Unauthenticated Remote Code Execution
Description: The malware “BlueAngel For WebServer” by “leonshoh” listens on
TCP port 80. The malware provides an HTML web-interface that exposes the…
Threat: Backdoor.Win32.FTP.Nuclear.10
Vulnerability: Hardcoded Credentials
Description: The malware builds backdoor files and uses UPX packer. When
building server.exe the provided credentials are then stored within the PE
file. Unpacking the malware…
Threat: Backdoor.Win32.BNLite
Vulnerability: Remote Stack Buffer Overflow
Description: BioNet Lite Server 4.0a listens on TCP port 5000. Third-party
attackers who can reach an infected system can trigger a buffer overflow
overwriting the ECX, EDX and AX…
Threat: Backdoor.Win32.Augudor.a
Vulnerability: Unauthenticated Remote File Write – RCE
Description: Augudor.a drops an empty file named “zy.exe” and listens on
TCP port 1011. Attackers who can reach the infected host can write any
binary file…
“UFONet is a free software, P2P and cryptographic -disruptive toolkit-
that allows to perform DoS and DDoS attacks; on the Layer 7 (APP/HTTP)
through the exploitation of Open Redirect vectors on third-party
websites to act as a botnet and on the Layer3 (Network) abusing the
protocol.”
Posted by Jonathan Gregson via Fulldisclosure on Mar 09
Mr. Post is an Outlook add-in used for inspecting emails for threats. Its tagline states “One click to visualize email.
Unveil scam, phishing, ransom and BEC (Business Email Compromise).” The add-in is featured prominently in the Outlook
Add-in store, including those on iOS and Android. It’s possible that users in your org use this add-in. You can find it
in Microsoft AppSource here:…
Proofpoint cybersecurity researchers have identified ramped-up activities by China-aligned APT (advanced persistent threat) actor TA416, targeting European diplomatic entities as the war between Russia and Ukraine intensifies.
TA416 (aka RedDelta ) is known to have been targeting Europe for several years using web bugs to profile target accounts, according to a research report by Proofpoint.
Also known as tracking pixels, web bugs hyperlink a malicious object within the body of an email which, when activated, attempts to retrieve a benign image file from the hacker server. This provides a “sign of life” confirmation to the bad actor establishing that the target account is valid and inclined to open malicious emails with social engineering content.
