Read Time:8 Second
Posted by malvuln on Apr 14
Adversary3 has been updated with a bunch of new malware vulnz.
https://github.com/malvuln/Adversary3
Thanks,
Malvuln (aka hyp3rlinx)
Category Archives: Advisories
Email-Worm.Win32.Pluto.b / Insecure Permissions
Read Time:20 Second
Posted by malvuln on Apr 14
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/60a7d5e2d446110d84ef65f6a37af0eb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Email-Worm.Win32.Pluto.b
Vulnerability: Insecure Permissions
Description: The malware writes a dir and PE files with insecure
permissions to c drive granting change (C) permissions to the authenticated
user group. Standard users can rename the…
Backdoor.Win32.Kilo.016 / Denial of Service (UDP Datagram)
Read Time:21 Second
Posted by malvuln on Apr 14
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9ede6951ea527f96a785c5e32b5079e6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Kilo.016
Vulnerability: Denial of Service (UDP Datagram)
Description: The malware listens on TCP ports 6712, 6713, 6714, 6715, 7722,
15206, 15207, 16712 and UDP 6666. Attackers who can reach an infected host
can send a large payload…
Backdoor.Win32.NinjaSpy.c / Authentication Bypass
Read Time:20 Second
Posted by malvuln on Apr 14
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9f39606d9e19771af5acc6811ccf557f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.NinjaSpy.c
Vulnerability: Authentication Bypass
Description: The malware listens on TCP ports 2003, 2004 and drops a PE
file named “cmd.dll” under Windows dir. Connecting to port 2003, you will
get back a number…
Backdoor.Win32.NetSpy.10 / Unauthenticated Remote Command Execution
Read Time:20 Second
Posted by malvuln on Apr 14
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/45d413b46f1d14a45e8fd36921813d62.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.NetSpy.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 7306. Attackers who can reach
infected hosts can run commands made available by the backdoor. Sending
commands using Ncat…
Backdoor.Win32.NetCat32.10 / Unauthenticated Remote Command Execution
Read Time:19 Second
Posted by malvuln on Apr 14
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/dcf16aed5ad4e0058a6cfcc7593dd9e3.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.NetCat32.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 6666. Attackers who can reach
infected systems can run commands made available by the backdoor using
TELNET.
Family:…
HackTool.Win32.IpcScan.c / Local Stack Buffer Overflow
Read Time:19 Second
Posted by malvuln on Apr 14
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/8f44374d587eb1657d25da9628cb2b87.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: HackTool.Win32.IpcScan.c
Vulnerability: Local Stack Buffer Overflow
Description: Loading a specially crafted PE file will cause a stack buffer
overflow overwriting the ECX and EIP registers.
Family: IpcScan
Type: PE32
MD5:…
Backdoor.Win32.Psychward.03.a / Weak Hardcoded Password
Read Time:19 Second
Posted by malvuln on Apr 14
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/d069738f18957117367b8a79195a6a96.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Psychward.03.a
Vulnerability: Weak Hardcoded Password
Description: The malware listens in TCP port 69. The password “tyme” is
weak and stored in plaintext with the executable.
Family: Psychward
Type: PE32
MD5:…
Backdoor.Win32.Prorat.cwx / Insecure Permissions
Read Time:19 Second
Posted by malvuln on Apr 14
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/2d81bf2c55c81778533b55fb444d4dc6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Prorat.cwx
Vulnerability: Insecure Permissions
Description: The malware writes a “.EXE” file with insecure permissions to
c drive granting change (C) permissions to the authenticated user group.
Standard users can rename…
Backdoor.Win32.MotivFTP.12 / Authentication Bypass
Read Time:19 Second
Posted by malvuln on Apr 14
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/91b2d216c5d26d9db4289acf68fa1743.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.MotivFTP.12
Vulnerability: Authentication Bypass
Description: The malware listens on TCP port 21. Third-party attackers who
can reach infected systems can logon using any username/password
combination. Intruders may then upload…