Category Archives: Advisories

Backdoor.Win32.Wisell / Stack Buffer Overflow (SEH)

April 8, 2022

Read Time:20 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/837ec70bfb305b5c862ff9b04e70a318_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wisell
Vulnerability: Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 5277. Attackers who can reach
the infected system can send a specially crafted packet triggering a stack
buffer overflow overwriting…

Advisories

Backdoor.Win32.FTP.Lana.01.d / Port Bounce Scan

April 8, 2022

Read Time:21 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/ea9ab5983a6fa71e31907e74d4ddbab6_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.FTP.Lana.01.d
Vulnerability: Port Bounce Scan
Description: The malware listens on TCP port 9003. Third-party intruders
who successfully logon can abuse the backdoor FTP server as a
man-in-the-middle machine allowing PORT Command…

Advisories

Backdoor.Win32.FTP.Lana.01.d / Weak Hardcoded Credentials

April 8, 2022

Read Time:20 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/ea9ab5983a6fa71e31907e74d4ddbab6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.FTP.Lana.01.d
Vulnerability: Weak Hardcoded Credentials
Family: Lana
Type: PE32
MD5: ea9ab5983a6fa71e31907e74d4ddbab6
Vuln ID: MVID-2022-0539
Dropped files: sersvc32.exe
Disclosure: 04/06/2022
Description: The malware listens in TCP…

Advisories

Backdoor.Win32.Verify.h / Unauthenticated Remote Command Execution

April 8, 2022

Read Time:21 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/82641dabbb1f73dd775e200466a07ec1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Verify.h
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP ports 1906 and 1907. Third-party
adversaries who can reach an infected host on either port can gain access
and or run any OS…

Advisories

Backdoor.Win32.Ptakks.XP.a / Insecure Credential Storage

April 8, 2022

Read Time:19 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/e087725b01dded75d85a20db58335fa8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Ptakks.XP.a
Vulnerability: Insecure Credential Storage
Description: The default password for the backdoor FTP is stored in
cleartext within the ptakks.ini file.
Family: Ptakks
Type: PE32
MD5: e087725b01dded75d85a20db58335fa8
Vuln…

Advisories

Backdoor.Win32.Wisell / Unauthenticated Remote Command Execution

April 8, 2022

Read Time:20 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/837ec70bfb305b5c862ff9b04e70a318.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wisell
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 5277. Third-party adversaries
who can reach an infected host can run any OS commands.
Family: Wisell
Type: PE32
MD5:…

Advisories

Backdoor.Win32.Bifrose.uw / Insecure Permissions

April 8, 2022

Read Time:19 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9e4f942c60044feef0fb48538ffac383.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Bifrose.uw
Vulnerability: Insecure Permissions
Description: The malware writes a “.EXE” file with insecure permissions to
c drive granting change (C) permissions to the authenticated user group.
Standard users can rename…

Advisories

Backdoor.Win32.Easyserv.11.c / Insecure Transit

April 8, 2022

Read Time:21 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/3b5564e88a0b8a41e4fd730891e635cc.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Easyserv.11.c
Vulnerability: Insecure Transit
Description: The malware makes outbound C2 connection to TCP port 5558.
Credentials are sent over the network in plaintext and the payload looks
exactly like that used by XLog malware…

Advisories

Backdoor.Win32.Tiny.a / Unauthenticated Remote Command Execution

April 8, 2022

Read Time:20 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9fa664bc52e1aa46a09ac51aaa6c7384.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Tiny.a
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 7777. Third-party attackers
who can reach an infected system can run any OS commands hijacking the
compromised host.
Family:…

Advisories

Backdoor.Win32.Wollf.h / Unauthenticated Remote Command Execution

April 8, 2022

Read Time:20 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/867c6b432ccd4aa51adc5e2722a4b144.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wollf.h
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware runs with SYSTEM integrity and listens on TCP
port 7614. Third-party adversaries who can reach an infected host can
run commands made available…

News, Advisories and much more

Exit mobile version