Category Archives: Advisories

Backdoor.Win32.Agent.aegg / Weak Hardcoded Credentials

Read Time:19 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/58be35e792476d1c015df7853112d200.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.aegg
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 8665. Authentication is
required, however the password “Xc 2870508” is weak and hardcoded within
the PE file.
Family: Agent…

Read More

Trojan-Downloader.Win32.Agent / Insecure Permissions

Read Time:19 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/fb3ac3c9d808de7f4b5ede68715f658f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Agent
Vulnerability: Insecure Permissions
Description: The malware writes a PE file to the “WindowsSystem” directory
granting change (C) permissions to the authenticated user group. Standard
users can rename the…

Read More

Backdoor.Win32.Cafeini.b / Port Bounce Scan

Read Time:21 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/851f8945d1b5923990f4722d627156a0_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Port Bounce Scan
Description: The malware runs an FTP server on TCP port 23. Third-party
adversaries who successfully logon can abuse the backdoor FTP server as a
man-in-the-middle machine allowing PORT…

Read More

Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials

Read Time:20 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/851f8945d1b5923990f4722d627156a0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 23. Authentication is
required, however the credentials test:test are weak and hardcoded within
the PE file.
Family: Cafeini
Type: PE32…

Read More

Trojan-Downloader.Win32.Small.ahlq / Insecure Permissions

Read Time:19 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/d859ba54086fd0313dc34b73b5b1eccb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Small.ahlq
Vulnerability: Insecure Permissions
Description: the malware creates a directory with insecure permissions
under c drive granting change (C) permissions to the authenticated user
group. Standard users can rename…

Read More

Backdoor.Win32.GF.j / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/fa00524d7289cdba327d5c34ab3d9bd7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.GF.j
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 21554. Third-party adversaries
who can reach infected hosts can run commands made available by the
backdoor.

Eg. commands…

Read More

Virus.Win32.Qvod.b / Insecure Permissions

Read Time:20 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/c44a9580e17bad0aa27329e51b7d0ae0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Virus.Win32.Qvod.b
Vulnerability: Insecure Permissions
Description: The malware writes a PE file with insecure permissions to c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the executable dropped…

Read More

Email-Worm.Win32.Sidex / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/a98cdaa89da57bf269873db63e22a939.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Sidex
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 5151 and creates a dir named
“vortex” with several PE files. Third-party adversaries who can reach an
infected…

Read More