Threat: Trojan-Downloader.Win32.Agent
Vulnerability: Insecure Permissions
Description: The malware writes a PE file to the “WindowsSystem” directory
granting change (C) permissions to the authenticated user group. Standard
users can rename the…
Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Port Bounce Scan
Description: The malware runs an FTP server on TCP port 23. Third-party
adversaries who successfully logon can abuse the backdoor FTP server as a
man-in-the-middle machine allowing PORT…
Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 23. Authentication is
required, however the credentials test:test are weak and hardcoded within
the PE file.
Family: Cafeini
Type: PE32…
Threat: Trojan-Downloader.Win32.Small.ahlq
Vulnerability: Insecure Permissions
Description: the malware creates a directory with insecure permissions
under c drive granting change (C) permissions to the authenticated user
group. Standard users can rename…
Threat: Backdoor.Win32.GF.j
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 21554. Third-party adversaries
who can reach infected hosts can run commands made available by the
backdoor.
Threat: Virus.Win32.Qvod.b
Vulnerability: Insecure Permissions
Description: The malware writes a PE file with insecure permissions to c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the executable dropped…
Threat: Email-Worm.Win32.Sidex
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 5151 and creates a dir named
“vortex” with several PE files. Third-party adversaries who can reach an
infected…
Threat: Net-Worm.Win32.Kibuv.c
Vulnerability: Authentication Bypass
Description: The malware listens on TCP port 7955. Third-party adversaries
who can reach infected systems can logon using any username/password
combination.
Family: Kibuv
Type: PE32
MD5:…
Threat: Backdoor.Win32.Jokerdoor
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 2172. Third party attackers
who can reach an infected system can send a large payload and trigger a
classic stack buffer overflow…
Threat: Trojan-Banker.Win32.Banker.heq
Vulnerability: Insecure Permissions
Description: The malware writes a BAT script file with insecure permissions
to c drive granting change (C) permissions to the authenticated user group.
Standard users can rename…