Category Archives: Advisories

Backdoor.Win32.XLog.21 / Authentication Bypass Race Condition

Read Time:20 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/2906b5dc5132dd1319827415e837168f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.XLog.21
Vulnerability: Authentication Bypass Race Condition
Description: The malware listens on TCP port 5553. Third-party attackers
who can reach the system before a password has been set can logon using
default credentials of…

Read More

Backdoor.Win32.Xingdoor / Denial of Service

Read Time:19 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/89000e259ffbd107b7cc9bac66dcdcf5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Xingdoor
Vulnerability: Denial of Service
Description: The malware “System_XingCheng” listens on TCP port 7016.
Attackers who can send a specially crafted packet, can trigger an int 3
“xcc” breakpoint debug…

Read More

Backdoor.Win32.Wisell / Stack Buffer Overflow (SEH)

Read Time:20 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/837ec70bfb305b5c862ff9b04e70a318_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wisell
Vulnerability: Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 5277. Attackers who can reach
the infected system can send a specially crafted packet triggering a stack
buffer overflow overwriting…

Read More

Backdoor.Win32.FTP.Lana.01.d / Port Bounce Scan

Read Time:21 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/ea9ab5983a6fa71e31907e74d4ddbab6_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.FTP.Lana.01.d
Vulnerability: Port Bounce Scan
Description: The malware listens on TCP port 9003. Third-party intruders
who successfully logon can abuse the backdoor FTP server as a
man-in-the-middle machine allowing PORT Command…

Read More

Backdoor.Win32.FTP.Lana.01.d / Weak Hardcoded Credentials

Read Time:20 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/ea9ab5983a6fa71e31907e74d4ddbab6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.FTP.Lana.01.d
Vulnerability: Weak Hardcoded Credentials
Family: Lana
Type: PE32
MD5: ea9ab5983a6fa71e31907e74d4ddbab6
Vuln ID: MVID-2022-0539
Dropped files: sersvc32.exe
Disclosure: 04/06/2022
Description: The malware listens in TCP…

Read More

Backdoor.Win32.Verify.h / Unauthenticated Remote Command Execution

Read Time:21 Second

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/82641dabbb1f73dd775e200466a07ec1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Verify.h
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP ports 1906 and 1907. Third-party
adversaries who can reach an infected host on either port can gain access
and or run any OS…

Read More