Category Archives: Advisories

Advisories

Loki RAT (Relapse) / SQL Injection

Read Time:21 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5ba_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Loki RAT (Relapse)
Vulnerability: SQL Injection
Description: The LokiRAT WebUI panel for LokiRAT_Relapse.exe runs on PHP
and MySQL and is used to control infected hosts through a central server.
The backend server side code “admin.php”…

Read More

Advisories

Loki RAT (Relapse) / Directory Traversal – Arbitrary File Delete

Read Time:20 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5ba.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Loki RAT (Relapse)
Vulnerability: Directory Traversal – Arbitrary File Delete
Description: The LokiRAT WebUI panel for “LokiRAT_Relapse.exe” runs on PHP
and MySQL and is used control infected hosts through a central server.
The admin…

Read More

Advisories

Backdoor.Win32.DirectConnection.103 (1.0 RAT-Tool) / Weak Hardcoded Password

Read Time:19 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/6a6ce3e7f24bf000d9a011a8f1905da8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DirectConnection.103 (1.0 RAT-Tool)
Vulnerability: Weak Hardcoded Password
Description: The malware listens on random incrementing high TCP ports
49701,49702 etc. When updating the backdoor the output files password…

Read More

Advisories

Backdoor.Win32.RemoteNC.beta4 / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/2862de561d91eedb265df4ae9b0fc872.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.RemoteNC.beta4
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 49941. Third-party attackers
who can reach an infected host can execute any OS commands hijacking taking
over the…

Read More

Advisories

Backdoor.Win32.BluanWeb / Unauthenticated Remote Command Execution

Read Time:18 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/30903ccbc6747c0da5a2775884b78def_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BluanWeb
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware “BlueAngel For WebServer” by “leonshoh” listens on
TCP port 80. The malware provides an HTML web-interface that exposes…

Read More

Advisories

Backdoor.Win32.BluanWeb / Information Disclosure

Read Time:19 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/30903ccbc6747c0da5a2775884b78def_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BluanWeb
Vulnerability: Information Disclosure
Description: The malware “BlueAngel For WebServer” by “leonshoh” listens on
TCP port 80. The malware provides an HTML web-interface that exposes the
entire system…

Read More

Advisories

Backdoor.Win32.BluanWeb / Unauthenticated Remote Code Execution

Read Time:18 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/30903ccbc6747c0da5a2775884b78def.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BluanWeb
Vulnerability: Unauthenticated Remote Code Execution
Description: The malware “BlueAngel For WebServer” by “leonshoh” listens on
TCP port 80. The malware provides an HTML web-interface that exposes the…

Read More

Advisories

Backdoor.Win32.FTP.Nuclear.10 / Hardcoded Credentials

Read Time:20 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9c23dad9ba11305fecf38bed46b0cec2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.FTP.Nuclear.10
Vulnerability: Hardcoded Credentials
Description: The malware builds backdoor files and uses UPX packer. When
building server.exe the provided credentials are then stored within the PE
file. Unpacking the malware…

Read More

Advisories

Backdoor.Win32.BNLite / Remote Stack Buffer Overflow

Read Time:21 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/0d1f873f6816debd244e1e77509f6ba7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BNLite
Vulnerability: Remote Stack Buffer Overflow
Description: BioNet Lite Server 4.0a listens on TCP port 5000. Third-party
attackers who can reach an infected system can trigger a buffer overflow
overwriting the ECX, EDX and AX…

Read More

Advisories

Backdoor.Win32.Augudor.a / Unauthenticated Remote File Write – RCE

Read Time:21 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/bf1b1a2f4be78d6b62ed7c316c77a9a1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Augudor.a
Vulnerability: Unauthenticated Remote File Write – RCE
Description: Augudor.a drops an empty file named “zy.exe” and listens on
TCP port 1011. Attackers who can reach the infected host can write any
binary file…

Read More