Category Archives: Advisories

Backdoor.Win32.BirdSpy.b / Weak Hardcoded Credentials

Read Time:19 Second

Posted by malvuln on Mar 25

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/eba3dd81723ddf33621fd85ded577920.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BirdSpy.b
Vulnerability: Weak Hardcoded Credentials
Family: BirdSpy
Type: PE32
MD5: eba3dd81723ddf33621fd85ded577920
Vuln ID: MVID-2022-0523
Dropped files: WinSock.exe
Disclosure: 03/21/2022
Description: The malware listens on TCP…

Read More

Backdoor.Win32.Agent.bxxn / Open Proxy

Read Time:21 Second

Posted by malvuln on Mar 25

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/dcbc237f21839a6514c8321d5fa631a4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.bxxn
Vulnerability: Open Proxy
Description: The malware listens on TCP port 1080. Third-party attackers
who can connect to the infected system can relay requests from the original
connection to the destination and then back to…

Read More

Another Wiper Malware Targeted Enterprises in Ukraine #DoubleZero

Read Time:1 Minute, 0 Second

FortiGuard Labs is aware that enterprises in Ukraine were targeted by another wiper malware. Dubbed “DoubleZero,” the malware was distributed in a zip archive and destroys the compromised machine by overwriting files and deleting registry keys.Why is this Significant?This is significant because DoubleZero is the latest wiper malware used in the current Russia-Ukraine war and aims to destroy machines belonging to enterprises in Ukraine.FortiGuard Labs previous published multiple Threat Signals on other wiper malware that targeted Ukraine. See the Appendix for links to “Additional Wiper Malware Deployed in Ukraine #CaddyWiper,” “New Wiper Malware Discovered Targeting Ukrainian Interests” and “Wiper Malware Hit Ukrainian Organizations.”How Widespread is the Malware?At this time, there is no report that DoubleZero affected organizations outside of Ukraine.How does DoubleZero Work?DoubleZero was distributed in several ZIP archives, one of which is called “Virus … extremely dangerous !!!. Zip.” Once DoubleZero runs, it overwrites or uses API calls to zero out non-system files system files before moving on to overwrite critical system files and registry keys.What is the Status of Coverage?FortiGuard Labs provides the following AV coverage against the files involved in the attack:MSIL/DZeroWiper.CK!tr

Read More