Category Archives: Advisories

Backdoor.Win32.FTP.Lana.01.d / Weak Hardcoded Credentials

Read Time:20 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/ea9ab5983a6fa71e31907e74d4ddbab6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.FTP.Lana.01.d
Vulnerability: Weak Hardcoded Credentials
Family: Lana
Type: PE32
MD5: ea9ab5983a6fa71e31907e74d4ddbab6
Vuln ID: MVID-2022-0539
Dropped files: sersvc32.exe
Disclosure: 04/06/2022
Description: The malware listens in TCP…

Read More

Backdoor.Win32.Verify.h / Unauthenticated Remote Command Execution

Read Time:21 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/82641dabbb1f73dd775e200466a07ec1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Verify.h
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP ports 1906 and 1907. Third-party
adversaries who can reach an infected host on either port can gain access
and or run any OS…

Read More

Backdoor.Win32.Ptakks.XP.a / Insecure Credential Storage

Read Time:19 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/e087725b01dded75d85a20db58335fa8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Ptakks.XP.a
Vulnerability: Insecure Credential Storage
Description: The default password for the backdoor FTP is stored in
cleartext within the ptakks.ini file.
Family: Ptakks
Type: PE32
MD5: e087725b01dded75d85a20db58335fa8
Vuln…

Read More

Backdoor.Win32.Wisell / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/837ec70bfb305b5c862ff9b04e70a318.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wisell
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 5277. Third-party adversaries
who can reach an infected host can run any OS commands.
Family: Wisell
Type: PE32
MD5:…

Read More

Backdoor.Win32.Bifrose.uw / Insecure Permissions

Read Time:19 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9e4f942c60044feef0fb48538ffac383.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Bifrose.uw
Vulnerability: Insecure Permissions
Description: The malware writes a “.EXE” file with insecure permissions to
c drive granting change (C) permissions to the authenticated user group.
Standard users can rename…

Read More

Backdoor.Win32.Easyserv.11.c / Insecure Transit

Read Time:21 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/3b5564e88a0b8a41e4fd730891e635cc.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Easyserv.11.c
Vulnerability: Insecure Transit
Description: The malware makes outbound C2 connection to TCP port 5558.
Credentials are sent over the network in plaintext and the payload looks
exactly like that used by XLog malware…

Read More

Backdoor.Win32.Tiny.a / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9fa664bc52e1aa46a09ac51aaa6c7384.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Tiny.a
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 7777. Third-party attackers
who can reach an infected system can run any OS commands hijacking the
compromised host.
Family:…

Read More

Backdoor.Win32.Wollf.h / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/867c6b432ccd4aa51adc5e2722a4b144.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wollf.h
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware runs with SYSTEM integrity and listens on TCP
port 7614. Third-party adversaries who can reach an infected host can
run commands made available…

Read More

Backdoor.Win32.Delf.ps / Information Disclosure

Read Time:20 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/cf3c08afa6c2d49ba36ed0f895893d71.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.ps
Vulnerability: Information Disclosure
Description: The malware listens on TCP port 80. Third-party adversaries
who can reach an infected host can generate and download screenshots of the
systems desktop.
Family: Delf
Type:…

Read More

Backdoor.Win32.Jokerdoor / Weak Hardcoded Credentials

Read Time:18 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/a6437375fff871dff97dc91c8fd6259f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Jokerdoor
Vulnerability: Weak Hardcoded Credentials
Family: Jokerdoor
Type: PE32
MD5: a6437375fff871dff97dc91c8fd6259f
Vuln ID: MVID-2022-0531
Dropped files: Random name “awup.exe”
Disclosure: 04/02/2022
Description: The…

Read More