Threat: Backdoor.Win32.Wisell
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 5277. Third-party adversaries
who can reach an infected host can run any OS commands.
Family: Wisell
Type: PE32
MD5:…
Threat: Backdoor.Win32.Bifrose.uw
Vulnerability: Insecure Permissions
Description: The malware writes a “.EXE” file with insecure permissions to
c drive granting change (C) permissions to the authenticated user group.
Standard users can rename…
Threat: Backdoor.Win32.Easyserv.11.c
Vulnerability: Insecure Transit
Description: The malware makes outbound C2 connection to TCP port 5558.
Credentials are sent over the network in plaintext and the payload looks
exactly like that used by XLog malware…
Threat: Backdoor.Win32.Tiny.a
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 7777. Third-party attackers
who can reach an infected system can run any OS commands hijacking the
compromised host.
Family:…
Threat: Backdoor.Win32.Wollf.h
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware runs with SYSTEM integrity and listens on TCP
port 7614. Third-party adversaries who can reach an infected host can
run commands made available…
Threat: Backdoor.Win32.Delf.ps
Vulnerability: Information Disclosure
Description: The malware listens on TCP port 80. Third-party adversaries
who can reach an infected host can generate and download screenshots of the
systems desktop.
Family: Delf
Type:…
Threat: Backdoor.Win32.Wollf.h
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware runs with SYSTEM integrity and listens on TCP port
7614. Third-party adversaries who can reach an infected host can run
commands made available…