Category Archives: Advisories

Backdoor.Win32.DirectConnection.103 (1.0 RAT-Tool) / Weak Hardcoded Password

Read Time:19 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/6a6ce3e7f24bf000d9a011a8f1905da8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DirectConnection.103 (1.0 RAT-Tool)
Vulnerability: Weak Hardcoded Password
Description: The malware listens on random incrementing high TCP ports
49701,49702 etc. When updating the backdoor the output files password…

Read More

Backdoor.Win32.RemoteNC.beta4 / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/2862de561d91eedb265df4ae9b0fc872.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.RemoteNC.beta4
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 49941. Third-party attackers
who can reach an infected host can execute any OS commands hijacking taking
over the…

Read More

Backdoor.Win32.BluanWeb / Unauthenticated Remote Command Execution

Read Time:18 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/30903ccbc6747c0da5a2775884b78def_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BluanWeb
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware “BlueAngel For WebServer” by “leonshoh” listens on
TCP port 80. The malware provides an HTML web-interface that exposes…

Read More

Backdoor.Win32.BluanWeb / Information Disclosure

Read Time:19 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/30903ccbc6747c0da5a2775884b78def_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BluanWeb
Vulnerability: Information Disclosure
Description: The malware “BlueAngel For WebServer” by “leonshoh” listens on
TCP port 80. The malware provides an HTML web-interface that exposes the
entire system…

Read More

Backdoor.Win32.BluanWeb / Unauthenticated Remote Code Execution

Read Time:18 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/30903ccbc6747c0da5a2775884b78def.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BluanWeb
Vulnerability: Unauthenticated Remote Code Execution
Description: The malware “BlueAngel For WebServer” by “leonshoh” listens on
TCP port 80. The malware provides an HTML web-interface that exposes the…

Read More

Backdoor.Win32.FTP.Nuclear.10 / Hardcoded Credentials

Read Time:20 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9c23dad9ba11305fecf38bed46b0cec2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.FTP.Nuclear.10
Vulnerability: Hardcoded Credentials
Description: The malware builds backdoor files and uses UPX packer. When
building server.exe the provided credentials are then stored within the PE
file. Unpacking the malware…

Read More

Backdoor.Win32.BNLite / Remote Stack Buffer Overflow

Read Time:21 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/0d1f873f6816debd244e1e77509f6ba7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BNLite
Vulnerability: Remote Stack Buffer Overflow
Description: BioNet Lite Server 4.0a listens on TCP port 5000. Third-party
attackers who can reach an infected system can trigger a buffer overflow
overwriting the ECX, EDX and AX…

Read More

Backdoor.Win32.Augudor.a / Unauthenticated Remote File Write – RCE

Read Time:21 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/bf1b1a2f4be78d6b62ed7c316c77a9a1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Augudor.a
Vulnerability: Unauthenticated Remote File Write – RCE
Description: Augudor.a drops an empty file named “zy.exe” and listens on
TCP port 1011. Attackers who can reach the infected host can write any
binary file…

Read More

New Release: UFONet v1.8 – “DarK-PhAnT0m!”…

Read Time:24 Second

Posted by psy on Mar 09

Hi Community,

I am glad to present a new release of this tool:

https://ufonet.03c8.net

———

“UFONet is a free software, P2P and cryptographic -disruptive toolkit-
that allows to perform DoS and DDoS attacks; on the Layer 7 (APP/HTTP)
through the exploitation of Open Redirect vectors on third-party
websites to act as a botnet and on the Layer3 (Network) abusing the
protocol.”

“It also works as an encrypted DarkNET to…

Read More

Mr. Post – Outlook Add-in – Data Theft Risk

Read Time:23 Second

Posted by Jonathan Gregson via Fulldisclosure on Mar 09

Mr. Post is an Outlook add-in used for inspecting emails for threats. Its tagline states “One click to visualize email.
Unveil scam, phishing, ransom and BEC (Business Email Compromise).” The add-in is featured prominently in the Outlook
Add-in store, including those on iOS and Android. It’s possible that users in your org use this add-in. You can find it
in Microsoft AppSource here:…

Read More