Loki RAT (Relapse) / SQL Injection

March 9, 2022

Read Time:21 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5ba_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Loki RAT (Relapse)
Vulnerability: SQL Injection
Description: The LokiRAT WebUI panel for LokiRAT_Relapse.exe runs on PHP
and MySQL and is used to control infected hosts through a central server.
The backend server side code “admin.php”…

Advisories

Loki RAT (Relapse) / Directory Traversal – Arbitrary File Delete

March 9, 2022

Read Time:20 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5ba.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Loki RAT (Relapse)
Vulnerability: Directory Traversal – Arbitrary File Delete
Description: The LokiRAT WebUI panel for “LokiRAT_Relapse.exe” runs on PHP
and MySQL and is used control infected hosts through a central server.
The admin…

Advisories

Backdoor.Win32.DirectConnection.103 (1.0 RAT-Tool) / Weak Hardcoded Password

March 9, 2022

Read Time:19 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/6a6ce3e7f24bf000d9a011a8f1905da8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DirectConnection.103 (1.0 RAT-Tool)
Vulnerability: Weak Hardcoded Password
Description: The malware listens on random incrementing high TCP ports
49701,49702 etc. When updating the backdoor the output files password…

Advisories

Backdoor.Win32.RemoteNC.beta4 / Unauthenticated Remote Command Execution

March 9, 2022

Read Time:20 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/2862de561d91eedb265df4ae9b0fc872.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.RemoteNC.beta4
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 49941. Third-party attackers
who can reach an infected host can execute any OS commands hijacking taking
over the…

Advisories

Backdoor.Win32.BluanWeb / Unauthenticated Remote Command Execution

March 9, 2022

Read Time:18 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/30903ccbc6747c0da5a2775884b78def_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BluanWeb
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware “BlueAngel For WebServer” by “leonshoh” listens on
TCP port 80. The malware provides an HTML web-interface that exposes…

Advisories

Backdoor.Win32.BluanWeb / Information Disclosure

March 9, 2022

Read Time:19 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/30903ccbc6747c0da5a2775884b78def_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BluanWeb
Vulnerability: Information Disclosure
Description: The malware “BlueAngel For WebServer” by “leonshoh” listens on
TCP port 80. The malware provides an HTML web-interface that exposes the
entire system…

Advisories

Backdoor.Win32.BluanWeb / Unauthenticated Remote Code Execution

March 9, 2022

Read Time:18 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/30903ccbc6747c0da5a2775884b78def.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BluanWeb
Vulnerability: Unauthenticated Remote Code Execution
Description: The malware “BlueAngel For WebServer” by “leonshoh” listens on
TCP port 80. The malware provides an HTML web-interface that exposes the…

Advisories

Backdoor.Win32.FTP.Nuclear.10 / Hardcoded Credentials

March 9, 2022

Read Time:20 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9c23dad9ba11305fecf38bed46b0cec2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.FTP.Nuclear.10
Vulnerability: Hardcoded Credentials
Description: The malware builds backdoor files and uses UPX packer. When
building server.exe the provided credentials are then stored within the PE
file. Unpacking the malware…

Advisories

Backdoor.Win32.BNLite / Remote Stack Buffer Overflow

March 9, 2022

Read Time:21 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/0d1f873f6816debd244e1e77509f6ba7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BNLite
Vulnerability: Remote Stack Buffer Overflow
Description: BioNet Lite Server 4.0a listens on TCP port 5000. Third-party
attackers who can reach an infected system can trigger a buffer overflow
overwriting the ECX, EDX and AX…

Advisories

Backdoor.Win32.Augudor.a / Unauthenticated Remote File Write – RCE

March 9, 2022

Read Time:21 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/bf1b1a2f4be78d6b62ed7c316c77a9a1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Augudor.a
Vulnerability: Unauthenticated Remote File Write – RCE
Description: Augudor.a drops an empty file named “zy.exe” and listens on
TCP port 1011. Attackers who can reach the infected host can write any
binary file…

News, Advisories and much more

Exit mobile version