Daily Archives: April 27, 2022

Advisories

Trojan-Downloader.Win32.Agent / Insecure Permissions

Read Time:19 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/fb3ac3c9d808de7f4b5ede68715f658f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Agent
Vulnerability: Insecure Permissions
Description: The malware writes a PE file to the “WindowsSystem” directory
granting change (C) permissions to the authenticated user group. Standard
users can rename the…

Read More

Advisories

Backdoor.Win32.Cafeini.b / Port Bounce Scan

Read Time:21 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/851f8945d1b5923990f4722d627156a0_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Port Bounce Scan
Description: The malware runs an FTP server on TCP port 23. Third-party
adversaries who successfully logon can abuse the backdoor FTP server as a
man-in-the-middle machine allowing PORT…

Read More

Advisories

Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials

Read Time:20 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/851f8945d1b5923990f4722d627156a0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 23. Authentication is
required, however the credentials test:test are weak and hardcoded within
the PE file.
Family: Cafeini
Type: PE32…

Read More

Advisories

Trojan-Downloader.Win32.Small.ahlq / Insecure Permissions

Read Time:19 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/d859ba54086fd0313dc34b73b5b1eccb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Small.ahlq
Vulnerability: Insecure Permissions
Description: the malware creates a directory with insecure permissions
under c drive granting change (C) permissions to the authenticated user
group. Standard users can rename…

Read More

Advisories

Backdoor.Win32.GF.j / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/fa00524d7289cdba327d5c34ab3d9bd7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.GF.j
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 21554. Third-party adversaries
who can reach infected hosts can run commands made available by the
backdoor.

Eg. commands…

Read More

Advisories

Virus.Win32.Qvod.b / Insecure Permissions

Read Time:20 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/c44a9580e17bad0aa27329e51b7d0ae0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Virus.Win32.Qvod.b
Vulnerability: Insecure Permissions
Description: The malware writes a PE file with insecure permissions to c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the executable dropped…

Read More

Advisories

Email-Worm.Win32.Sidex / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/a98cdaa89da57bf269873db63e22a939.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Sidex
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 5151 and creates a dir named
“vortex” with several PE files. Third-party adversaries who can reach an
infected…

Read More

Advisories

Net-Worm.Win32.Kibuv.c / Authentication Bypass

Read Time:20 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/4243911d5ca5655d04de8895704fcae6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Net-Worm.Win32.Kibuv.c
Vulnerability: Authentication Bypass
Description: The malware listens on TCP port 7955. Third-party adversaries
who can reach infected systems can logon using any username/password
combination.
Family: Kibuv
Type: PE32
MD5:…

Read More

Advisories

Backdoor.Win32.Jokerdoor / Remote Stack Buffer Overflow

Read Time:20 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/94d1b2510bf96fa6190cd65876bf4c38.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Jokerdoor
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 2172. Third party attackers
who can reach an infected system can send a large payload and trigger a
classic stack buffer overflow…

Read More

Advisories

Trojan-Banker.Win32.Banker.heq / Insecure Permissions

Read Time:20 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/f15d05f74899324ecb61ee29ad162fad.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Banker.Win32.Banker.heq
Vulnerability: Insecure Permissions
Description: The malware writes a BAT script file with insecure permissions
to c drive granting change (C) permissions to the authenticated user group.
Standard users can rename…

Read More