[FD] RansomLord (NG v1.0) anti-ransomware exploit tool

2025-06-24 Thread malvuln
First official NG versioned release with significant updates, fixes and new features https://github.com/malvuln/RansomLord/releases/tag/v1.0 RansomLord (NG) v1.0 Anti-Ransomware exploit tool. Proof-of-concept tool that automates the creation of PE files, used to exploit ransomware pre-encryption

[FD] BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH)

2024-04-19 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/6cc630843cabf23621375830df474bc5.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Dumador.c Vulnerability: Remote Stack Buffer Overflow (SEH) Description

[FD] Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC)

2024-04-10 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/0eb4a9089d3f7cf431d6547db3b9484d.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan.Win32.Razy.abc Vulnerability: Insecure Permissions (In memory IPC) Family: Razy

[FD] Backdoor.Win32.Agent.ju (PSYRAT) / Authentication Bypass RCE

2024-04-05 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/0e6e40aad3e8d46e3c0c26ccc6ab94b3.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.ju (PSYRAT) Vulnerability: Authentication Bypass RCE Family

[FD] Backdoor.Win32.Emegrab.b / Remote Stack Buffer Overflow (SEH)

2024-03-19 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/19a14d0414aec62ef38378de2e8b259d.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Emegrab.b Vulnerability: Remote Stack Buffer Overflow (SEH) Family

[FD] Backdoor.Win32.Beastdoor.oq / Unauthenticated Remote Command Execution

2024-03-13 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/6268df4c9c805c90725dde4fe5ef6fea.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Beastdoor.oq Vulnerability: Unauthenticated Remote Command Execution

[FD] BACKDOOR.WIN32.AGENT.AMT / Authentication Bypass

2024-03-02 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/2a442d3da88f721a786ff33179c664b7.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.amt Vulnerability: Authentication Bypass Description: The malware

[FD] Backdoor.Win32.Jeemp.c / Cleartext Hardcoded Credentials

2024-03-02 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/d6b192a4027c7d635499133ca6ce067f.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Jeemp.c Vulnerability: Cleartext Hardcoded Credentials Description: The

[FD] BACKDOOR.WIN32.AUTOSPY.10 / Unauthenticated Remote Command Execution

2024-03-02 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.AutoSpy.10 Vulnerability: Unauthenticated Remote Command Execution

[FD] BACKDOOR.WIN32.ARMAGEDDON.R / Hardcoded Cleartext Credentials

2024-03-02 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/68d135936512e88cc0704b90bb3839e0.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Armageddon.r Vulnerability: Hardcoded Cleartext Credentials Description

[FD] TROJAN.WIN32 BANKSHOT / Remote Stack Buffer Overflow (SEH)

2024-02-04 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/f2fd6a7b400782bb43499e722fb62cf4.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan.Win32 BankShot Vulnerability: Remote Stack Buffer Overflow (SEH) Description

[FD] TrojanSpy Win32 Nivdort / Insecure Permissions - EoP (SYSTEM)

2024-01-26 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/15bda00b57e2ed729a45f7cfa62165da.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: TrojanSpy Win32 Nivdort Vulnerability: Insecure Permissions - EoP (SYSTEM) Family

[FD] Backdoor.Win32 Carbanak (Anunak) / Named Pipe Null DACL

2024-01-14 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/b8e1e5b832e5947f41fd6ae6ef6d09a1.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32 Carbanak (Anunak) Vulnerability: Named Pipe Null DACL Family: Carbanak

[FD] RansomLord v1 / Anti-Ransomware Exploit Tool

2023-08-02 Thread malvuln
/malvuln/RansomLord RansomLord-generated PE files are saved to disk in the x32 or x64 directories where the program is run from. Goal is to exploit code execution flaws inherent in certain strains of Ransomware [Malvuln history] In May 2022, I publicly disclosed a novel strategy to successfully defeat

Re: [FD] Ransom.Haron / Code Execution

2023-07-11 Thread malvuln
*** Correction: should have been CRYPTSP.dll *** Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/dedad693898bba0e4964e6c9a749d380.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Ransom.Haron Vulnerability: Code

[FD] Adversary3 updated / Malware vulnerability intel tool for third-party attackers

2022-12-20 Thread malvuln
The Adversary3 project has been updated, added a new vulnerability category "Logic Flaw" and dozens of new malware vulnerabilities. https://github.com/malvuln/Adversary3 ___ Sent through the Full Disclosure mailing list https://nmap.org/mailma

[FD] Ransom.Win64.AtomSilo / Crypto Logic Flaw

2022-12-20 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/5559e9f5e1645f8554ea020a29a5a3ee.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Ransom.Win64.AtomSilo Vulnerability: Crypto

[FD] Backdoor.Win32.InCommander.17.b / Hardcoded Cleartext Credentials

2022-12-20 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/dd76d8a5874bf8bf05279e35c68449ca.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Backdoor.Win32.InCommander.17.b Vulnerability

[FD] Trojan-Dropper.Win32.Decay.dxv (CyberGate v1.00.0) / Insecure Proprietary Password Encryption

2022-12-13 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/618f28253d1268132a9f10819a6947f2.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Trojan-Dropper.Win32.Decay.dxv (CyberGate

[FD] Backdoor.Win32.Delf.gj / Information Disclosure

2022-12-08 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/8872c2ec49ff3382240762a029631684.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Backdoor.Win32.Delf.gj Vulnerability

[FD] Win32.Ransom.Conti / Crypto Logic Flaw

2022-11-29 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/99e55ce93392068c970384ab24a0e13d.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Win32.Ransom.Conti Vulnerability: Crypto Logic

[FD] Ransomware Deception Tactics Part 1

2022-11-29 Thread malvuln
Did you know? Some ransomware, like CONTI and others, will FAIL to encrypt non-PE files that have ".exe" in the filename. Test.exe.docx Test.exe.pdf Conti MD5: 9eb9197cd58f4417a27621c4e1b25a71 ATOMSILO MD5: 5559e9f5e1645f8554ea020a29a5a3ee
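The post above only reports the behaviour (a non-PE file whose name contains ".exe" is left alone) and does not say how the filter is implemented. The following is an added illustration, not the post author's code: it models the skip as a substring match on ".exe" (an assumption), puts it beside a filter that looks at the real extension and a PE header check, and shows what each does to a handful of constructed files, including a document renamed in the Test.exe.docx style.

```python
"""
Why a document named Test.exe.docx can survive a ransomware run that skips
'.exe' files. Added illustration, not the post author's code. The post only
reports the behaviour; substring_skip() is an assumed model of the flawed
filter, contrasted with a true-extension check and a PE header check.
All file names and contents below are constructed.
"""
import ntpath


def substring_skip(name: str) -> bool:
    """Assumed flawed filter: skip anything with '.exe' anywhere in the name."""
    return ".exe" in name.lower()


def extension_skip(name: str) -> bool:
    """Skip only when the real (last) extension is .exe."""
    return ntpath.splitext(name)[1].lower() == ".exe"


def is_pe(data: bytes) -> bool:
    """True for a DOS 'MZ' header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def decoy_name(name: str) -> str:
    """Rename a document so the flawed filter skips it: report.pdf -> report.exe.pdf."""
    stem, ext = ntpath.splitext(name)
    return f"{stem}.exe{ext}"


def triage(files: dict) -> dict:
    """For each name -> bytes, report what each filter does and whether it is a PE."""
    return {
        name: {
            "substring_skip": substring_skip(name),
            "extension_skip": extension_skip(name),
            "is_pe": is_pe(data),
        }
        for name, data in files.items()
    }


# Constructed sample files: a minimal MZ/PE header stub, a DOCX (zip) and a PDF.
FAKE_PE = b"MZ" + b"\0" * (0x3C - 2) + (0x40).to_bytes(4, "little") + b"PE\0\0"
SAMPLE_FILES = {
    "notepad.exe": FAKE_PE,
    "Test.exe.docx": b"PK\x03\x04" + b"\0" * 26,
    "report.pdf": b"%PDF-1.7\n",
    decoy_name("report.pdf"): b"%PDF-1.7\n",
}


if __name__ == "__main__":
    for name, row in triage(SAMPLE_FILES).items():
        print(f"{name:16} {row}")
```

The point of the contrast is that only the substring filter leaves Test.exe.docx and report.exe.pdf alone while also skipping the real executable; an extension or header check would not. Which filter a given family actually uses has to be confirmed against the sample in a sandbox (the post names a Conti and an AtomSilo hash), so treat the rename as a decoy tactic for a known-vulnerable strain, not a general protection.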

[FD] Trojan.Win32.DarkNeuron.gen / Named Pipe Null DACL

2022-11-29 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/d891c9374ccb2a4cae2274170e8644d8.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Trojan.Win32.DarkNeuron.gen Vulnerability

[FD] Backdoor.Win32.Autocrat.b / Weak Hardcoded Credentials

2022-11-29 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/4262a8b52b902aa2e6bf02a156d1b8d4.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Backdoor.Win32.Autocrat.b Vulnerability: Weak

[FD] Backdoor.Win32.Serman.a / Unauthenticated Open Proxy

2022-11-29 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/f312e3a436995b86b205a1a37b1bf10f.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Backdoor.Win32.Serman.a Vulnerability

[FD] Backdoor.Win32.Oblivion.01.a / Insecure Transit Password Disclosure

2022-11-20 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/aef85cf0d521eaa6aade11f95ea07ebe.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Oblivion.01.a Vulnerability: Insecure Transit Password Disclosure

[FD] Trojan.Win32.Platinum.gen / Arbitrary Code Execution

2022-11-20 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/71a76adeadc7b51218d265771fc2b0d1.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan.Win32.Platinum.gen Vulnerability: Arbitrary Code Execution Description: The

[FD] Backdoor.Win32.Quux / Weak Hardcoded Credentials

2022-11-20 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/13ce53de9ca4c4e6c58f990b442cb419.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Quux Vulnerability: Weak Hardcoded Credentials Family: Quux Type: PE32

[FD] Backdoor.Win32.RemServ.d / Unauthenticated Remote Command Execution

2022-11-15 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/05a082d441d9cf365749c0e1eb904c85.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.RemServ.d Vulnerability: Unauthenticated Remote Command Execution

[FD] HEUR:Trojan.MSIL.Agent.gen / Information Disclosure

2022-11-15 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/bc2ccf92bea475f828dcdcb1c8f6cc92.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: HEUR:Trojan.MSIL.Agent.gen Vulnerability: Information Disclosure Description: the

[FD] Backdoor.Win32.Aphexdoor.LiteSock / Remote Stack Buffer Overflow (SEH)

2022-11-15 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/2047ac6183da4dfb61d2562721ba0720.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Aphexdoor.LiteSock Vulnerability: Remote Stack Buffer Overflow (SEH

[FD] Email-Worm.Win32.Kipis.c / Remote File Write Code Execution

2022-10-30 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/8d0df60c96e4011c312d61ed3e6dc70e.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Email-Worm.Win32.Kipis.c Vulnerability: Remote File Write Code Execution Description

[FD] Backdoor.Win32.Psychward.10 / Unauthenticated Remote Command Execution

2022-10-30 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/70c5f8d61f6ac67091c0c5860e456427.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.10 Vulnerability: Unauthenticated Remote Command Execution

[FD] Backdoor.Win32.Delf.arh / Authentication Bypass

2022-10-30 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/b3b19524967d22d6eb7517b03b660b00.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.arh Vulnerability: Authentication Bypass Description: The malware

[FD] Backdoor.Win32.Redkod.d / Weak Hardcoded Credentials

2022-10-20 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/bb309bdd071d5733efefe940a89fcbe8.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Redkod.d Vulnerability: Weak Hardcoded Credentials Description: The

[FD] Backdoor.Win32.DarkSky.23 / Remote Stack Buffer Overflow (SEH)

2022-10-16 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/1164ef21ef2af97e0339359c0dce5e7d.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkSky.23 Vulnerability: Remote Stack Buffer Overflow (SEH

[FD] Backdoor.Win32.Delf.eg / Unauthenticated Remote Command Execution

2022-10-03 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/de6220a8e8fcbbee9763fb10e0ca23d7.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.eg Vulnerability: Unauthenticated Remote Command Execution

[FD] Backdoor.Win32.NTRC / Weak Hardcoded Credentials

2022-10-03 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/273fd3f33279cc9c0378a49cf63d7a06.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.NTRC Vulnerability: Weak Hardcoded Credentials Family: NTRC Type: PE32

[FD] Backdoor.Win32.Augudor.b / Remote File Write Code Execution

2022-09-27 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/94ccd337cbdd4efbbcc0a6c888abb87d.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Augudor.b Vulnerability: Remote File Write Code Execution Description

[FD] Backdoor.Win32.Psychward.b / Weak Hardcoded Credentials

2022-09-27 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/0b8cf90ab9820cb3fcb7f1d1b45e4e57.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.b Vulnerability: Weak Hardcoded Credentials Description: The

[FD] Backdoor.Win32.Bingle.b / Weak Hardcoded Credentials

2022-09-27 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/eacaa12336f50f1c395663fba92a4d32.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Bingle.b Vulnerability: Weak Hardcoded Credentials Description: The

[FD] Backdoor.Win32.Hellza.120 / Authentication Bypass

2022-09-19 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21_B.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hellza.120 Vulnerability: Authentication Bypass Description: The

[FD] Backdoor.Win32.Hellza.120 / Unauthorized Remote Command Execution

2022-09-19 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hellza.120 Vulnerability: Unauthorized Remote Command Execution

[FD] Trojan.Ransom.Ryuk.A / Arbitrary Code Execution

2022-09-19 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/5ac0f050f93f86e69026faea1fbb4450.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan.Ransom.Ryuk.A Vulnerability: Arbitrary Code Execution Description: The

[FD] Trojan-Dropper.Win32.Corty.10 / Insecure Credential Storage

2022-09-19 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/f72138e574743640bdcdb9f102dff0a5.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Corty.10 Vulnerability: Insecure Credential Storage Description

[FD] Trojan.Win32.Autoit.fhj / Named Pipe Null DACL

2022-09-08 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/d871836f77076eeed87eb0078c1911c7_B.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan.Win32.Autoit.fhj Vulnerability: Named Pipe Null DACL Family: Autoit Type

[FD] Trojan-Ransom.Win32.Hive.bv / Arbitrary Code Execution

2022-09-08 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/44aba241dd3f0d156c6ed82a0ab3a9e1.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan-Ransom.Win32.Hive.bv Vulnerability: Arbitrary Code Execution Description: Hive

[FD] Backdoor.Win32.Hupigon.aspg / Insecure Service Path

2022-09-08 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/121bf601275e2aed0c3a6fe7910f9826.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.aspg Vulnerability: Insecure Service Path Description: The

[FD] Backdoor.Win32.Winshell.5_0 / Weak Hardcoded Credentials

2022-09-08 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/5bc5f72d19019a2fa3b75896e82ae1e5.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Winshell.5_0 Vulnerability: Weak Hardcoded Credentials Description: The

[FD] Trojan.Win32.Autoit.fhj / Insecure Permissions

2022-09-08 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/d871836f77076eeed87eb0078c1911c7.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan.Win32.Autoit.fhj Vulnerability: Insecure Permissions Description: The malware

[FD] Win32.Ransom.BlueSky / Arbitrary Code Execution

2022-08-15 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/961fa85207cdc4ef86a076bbff07a409.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Win32.Ransom.BlueSky Vulnerability: Arbitrary Code Execution Description: The BlueSky

[FD] Backdoor.Win32.Guptachar.20 / Insecure Credential Storage

2022-08-08 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/857999d2306f257b80d1b8f6a51ae8b0.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Guptachar.20 Vulnerability: Insecure Credential Storage Description

[FD] Backdoor.Win32.Bushtrommel.122 / Unauthenticated Remote Command Execution

2022-08-04 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/76c09bc82984c7f7ef55eb13018e0d87_B.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Bushtrommel.122 Vulnerability: Unauthenticated Remote Command

[FD] Backdoor.Win32.Bushtrommel.122 / Authentication Bypass

2022-08-04 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/76c09bc82984c7f7ef55eb13018e0d87.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Bushtrommel.122 Vulnerability: Authentication Bypass Description: The

[FD] Backdoor.Win32.Jokerdoor / Remote Stack Buffer Overflow

2022-08-04 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/783a191e7944e1af84ec0fa96d933f30.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Jokerdoor Vulnerability: Remote Stack Buffer Overflow Description: The

[FD] Backdoor.Win32.Destrukor.20 / Unauthenticated Remote Command Execution

2022-08-01 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/c790749f851d48e66e7d59cc2e451956_B.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Destrukor.20 Vulnerability: Unauthenticated Remote Command Execution

[FD] Backdoor.Win32.Destrukor.20 / Authentication Bypass

2022-08-01 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/c790749f851d48e66e7d59cc2e451956.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Destrukor.20 Vulnerability: Authentication Bypass Description: The

[FD] Backdoor.Win32.Eclipse.h / Weak Hardcoded Credentials

2022-07-21 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/8b470931114527b4dce42034a95ebf46.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Eclipse.h Vulnerability: Weak Hardcoded Credentials Family: Eclipse

[FD] Builder XtremeRAT v3.7 / Insecure Crypto Bypass

2022-07-18 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/7f314e798c150aedd9ce41ed39318f65_B.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Builder XtremeRAT v3.7 Vulnerability: Insecure Crypto Bypass Description: The

[FD] Builder XtremeRAT v3.7 / Insecure Permissions

2022-07-18 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/7f314e798c150aedd9ce41ed39318f65.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Builder XtremeRAT v3.7 Vulnerability: Insecure Permissions Description: The malware

[FD] Backdoor.Win32.HoneyPot.a / Weak Hardcoded Password

2022-07-18 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/e3bb503f9b02cf57341695f30e31128f.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.HoneyPot.a Vulnerability: Weak Hardcoded Password Description: The

[FD] Ransom Lockbit 3.0 / Code Execution

2022-07-06 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/38745539b71cf201bb502437f891d799_B.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Ransom Lockbit 3.0 Vulnerability: Code Execution Description: The ransomware

[FD] Ransom Lockbit 3.0 / Local Unicode Buffer Overflow (SEH)

2022-07-06 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/38745539b71cf201bb502437f891d799.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Ransom Lockbit 3.0 Vulnerability: Local Unicode Buffer Overflow (SEH) Description: The

[FD] Backdoor.Win32.EvilGoat.b / Weak Hardcoded Credentials

2022-06-30 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/20daf01e941f966b21a7ae431faefc65.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.EvilGoat.b Vulnerability: Weak Hardcoded Credentials Description: The

[FD] Backdoor.Win32.Coredoor.10.a / Authentication Bypass

2022-06-30 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/49da40a2ac819103da9dc5ed10d08ddb.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Coredoor.10.a Vulnerability: Authentication Bypass Description: The

[FD] Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials

2022-06-30 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/a8fc1b3f7a605dc06a319bf0e14ca68b.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Cafeini.b Vulnerability: Weak Hardcoded Credentials Description: The

[FD] Backdoor.Win32.InfecDoor.17.c / Insecure Permissions

2022-06-27 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/1fd70e41918c3a75c634b1c234ec36fb.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.InfecDoor.17.c Vulnerability: Insecure Permissions Description: The

[FD] Trojan-Mailfinder.Win32.VB.p / Insecure Permissions

2022-06-27 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/20e438d84aa2828826d52540d80bf7f.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan-Mailfinder.Win32.VB.p Vulnerability: Insecure Permissions Description: The

[FD] Backdoor.Win32.Shark.btu / Insecure Permissions

2022-06-27 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/5a83f8b8c8a8b7a85b3ff632aa60e793.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Shark.btu Vulnerability: Insecure Permissions Description: The malware

[FD] Yashma Ransomware Builder v1.2 / Insecure Permissions

2022-06-27 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/13e878ed7e547523cffc5728f6ba4190.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Yashma Ransomware Builder v1.2 Vulnerability: Insecure Permissions Description: The

[FD] Trojan-Banker.Win32.Banbra.cyt / Insecure Permissions

2022-06-10 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/e0f2bee25dd103d92e91e895e313ec34.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan-Banker.Win32.Banbra.cyt Vulnerability: Insecure Permissions Description: The

[FD] Backdoor.Win32.Cabrotor.10.d / Unauthenticated Remote Command Execution

2022-06-10 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/40acf109fa9621eae6930ef18f804909.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Cabrotor.10.d Vulnerability: Unauthenticated Remote Command Execution

[FD] Trojan-Proxy.Win32.Symbab.o / Heap Corruption

2022-06-10 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/bffc519fbaf2d119bd307cd22368cdc7.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Symbab.o Vulnerability: Heap Corruption Description: The malware

[FD] Trojan-Banker.Win32.Banker.agzg / Insecure Permissions

2022-06-10 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/ef1e59148c9a902ae5454760aaab73fe.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan-Banker.Win32.Banker.agzg Vulnerability: Insecure Permissions Description: The

[FD] Ransom.Haron / Code Execution

2022-06-10 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/dedad693898bba0e4964e6c9a749d380.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Ransom.Haron Vulnerability: Code Execution Description: Haron looks for and executes

[FD] Trojan-Ransom.Thanos / Code Execution

2022-05-27 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/be60e389a0108b2871dff12dfbb542ac.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan-Ransom.Thanos Vulnerability: Code Execution Description: Thanos looks for and

[FD] Watch multiple LockBit Ransom get DESTROYED Mass PWNAGE at scale!

2022-05-18 Thread malvuln
Watch multiple LockBit Ransom get DESTROYED Mass PWNAGE at scale! https://www.youtube.com/watch?v=eg3l8a_HSSU

[FD] github.com/malvuln/RansomDLLs / Catalog of current DLLs affecting vulnerable Ransomware strains.

2022-05-18 Thread malvuln
Reference list for my ransomware exploitation research. Lists the DLLs I have seen to date that some ransomware strains search for, which I have used successfully to hijack and intercept vulnerable strains, executing arbitrary code pre-encryption. https://github.com/malvuln/RansomDLLs
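Both the RansomLord post above (PE files written to the directory the tool runs from) and this RansomDLLs catalogue rely on the same loader behaviour: when a sample asks for a DLL by bare name, Windows probes a fixed list of directories and maps the first match, so a file with the right name placed earlier in that order is the one that gets loaded. The following is an added illustration of that search order, not code from RansomLord or RansomDLLs. The search order itself is documented Windows behaviour (SafeDllSearchMode on by default); the KnownDLLs sample, the directory names and the file system are constructed, and CRYPTSP.dll is used because the Ransom.Haron correction on this page names it.

```python
"""
Model of the Windows DLL search order, written to show why a DLL dropped
beside a ransomware binary is loaded in preference to the genuine one.
Added illustration, not code from RansomLord or RansomDLLs; the file
system, directories and DLL names below are constructed.
"""
import ntpath

# KnownDLLs are mapped straight from the system directory and never searched
# for on disk; this is an abbreviated, assumed sample of that list.
KNOWN_DLLS = {"kernel32.dll", "ntdll.dll", "advapi32.dll", "user32.dll"}

SYSTEM_DIR = r"C:\Windows\System32"
WINDOWS_DIR = r"C:\Windows"


def search_order(app_dir, cwd, path_dirs=(), safe_search=True):
    """Directories probed by LoadLibrary for a bare DLL name.

    With SafeDllSearchMode on (the default) the current directory is probed
    after the Windows directories; with it off, right after the application
    directory.
    """
    order = [app_dir, SYSTEM_DIR, ntpath.join(WINDOWS_DIR, "System"), WINDOWS_DIR]
    if safe_search:
        order.append(cwd)
    else:
        order.insert(1, cwd)
    return order + list(path_dirs)


def resolve_dll(name, fs, app_dir, cwd, path_dirs=(), safe_search=True):
    """Return the path the loader would map for `name`, or None if nothing matches.

    `fs` is the set of files present (constructed; matched case-insensitively,
    as on NTFS). Already-loaded modules, manifests and API-set redirection
    are not modelled.
    """
    present = {p.lower() for p in fs}
    lname = name.lower()
    if ntpath.isabs(name):                      # explicit path: no search at all
        return name if lname in present else None
    if ntpath.basename(lname) in KNOWN_DLLS:    # KnownDLL: always the system copy
        return ntpath.join(SYSTEM_DIR, name)
    for directory in search_order(app_dir, cwd, path_dirs, safe_search):
        candidate = ntpath.join(directory, name)
        if candidate.lower() in present:
            return candidate
    return None


# Constructed scenario: the sample runs from Downloads and a hijack DLL was
# planted there next to it; the genuine copies live in System32.
APP_DIR = r"C:\Users\victim\Downloads"
FS = {
    ntpath.join(APP_DIR, "sample.exe"),
    ntpath.join(APP_DIR, "CRYPTSP.dll"),      # planted hijack DLL
    ntpath.join(APP_DIR, "kernel32.dll"),     # planted, but never consulted
    ntpath.join(SYSTEM_DIR, "cryptsp.dll"),   # genuine copy
    ntpath.join(SYSTEM_DIR, "kernel32.dll"),
}


def demo():
    """Which copy wins for each name the sample asks for by bare name."""
    return {
        n: resolve_dll(n, FS, APP_DIR, cwd=SYSTEM_DIR)
        for n in ("cryptsp.dll", "kernel32.dll", "missing.dll")
    }


if __name__ == "__main__":
    for dll, path in demo().items():
        print(f"{dll:14} -> {path}")
```

Two consequences follow for the cataloguing work: a name is only worth listing if the sample resolves it by bare name and it is not a KnownDLL (the planted kernel32.dll above is never consulted), and where the planted file sits matters, since with SafeDllSearchMode on a copy in the current directory loses to System32 unless it is in the application directory. Loading an arbitrary PE is a fact about the loader, not about the sample, so whatever the planted DLL does in its entry point runs inside the ransomware process before encryption starts.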

[FD] APT28 FancyBear / Code Execution

2022-05-10 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/d6751b148461e0f863548be84020b879.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: APT28 FancyBear Vulnerability: Code Execution Description: FancyBear looks for and

[FD] Ransom.Satana / Code Execution

2022-05-07 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/46bfd4f1d581d7c0121d2b19a005d3df.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Ransom.Satana Vulnerability: Code Execution Description: Satana searches for and loads

[FD] Ransom.Conti / Code Execution

2022-05-07 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/20f0c736a966142de88dee06a2e4a5b1.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes

[FD] Ransom.Petya / Code Execution

2022-05-07 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/8ed9a60127aee45336102bf12059a850.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Ransom.Petya Vulnerability: Code Execution Description: Petya looks for and loads a

[FD] Ransom.Cryakl / Code Execution

2022-05-07 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/2aea3b217e6a3d08ef684594192cafc8.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Ransom.Cryakl Vulnerability: Code Execution Description: Cryakl looks for and loads a

[FD] Trojan-Ransom.Radamant / Code Execution

2022-05-07 Thread malvuln
Discovery / credits: Malvuln - (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/6152709e741c4d5a5d793d35817b4c3d.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan-Ransom.Radamant Vulnerability: Code Execution Description: Radamant tries to

[FD] Trojan-Ransom.LockerGoga / Code Execution

2022-05-05 Thread malvuln
Discovery / credits: Malvuln - (John Page - aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/3b200c8173a92c94441cb062d38012f6.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan-Ransom.LockerGoga Vulnerability: Code Execution Description: LockerGoga

[FD] Ransom.CTBLocker / Code Execution

2022-05-05 Thread malvuln
Discovery / credits: Malvuln - (John Page - aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/de25f04dedaffde1be47ef26dc9a8176.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Ransom.CTBLocker Vulnerability: Code Execution Description: CTBLocker looks for

[FD] Trojan-Ransom.Cerber / Code Execution

2022-05-05 Thread malvuln
Discovery / credits: Malvuln - (John Page - aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/ae99e6a451bc53830be799379f5c1104.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan-Ransom.Cerber Vulnerability: Code Execution Description: Cerber looks for

[FD] Trojan.Ransom.Cryptowall / Code Execution

2022-05-05 Thread malvuln
Discovery / credits: Malvuln - (John Page - aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/0CFFEE266A8F14103158465E2ECDD2C1.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan.Ransom.Cryptowall Vulnerability: Code Execution Description: Cryptowall

[FD] REvil.Ransom / Code Execution

2022-05-05 Thread malvuln
Discovery / credits: Malvuln - (John Page - aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/4c5c1731481ea8d67ef6076810c49e00.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: REvil.Ransom Vulnerability: Code Execution Description: REvil looks for and

[FD] Ransom.WannaCry / Code Execution

2022-05-05 Thread malvuln
Discovery / credits: Malvuln - (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/84c82835a5d21bbcf75a61706d8ab549.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln ISR: ApparitionSec Threat: Ransom.WannaCry Vulnerability: Code Execution Description

[FD] REvil.Ransom / Code Execution

2022-05-05 Thread malvuln
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/979635229dfcfae1aae74ae296ec78c8.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: REvil.Ransom Vulnerability: Code Execution Description: REvil looks for and executes DLLs in its

[FD] Ransom.Conti / Code Execution

2022-05-05 Thread malvuln
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/3c55ee6753408bff2e3e6a392ed9f2a0.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs in its

[FD] Conti.Ransom / Code Execution

2022-05-05 Thread malvuln
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/710a77804637f65e22a2e230ff6444f9.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Conti.Ransom Vulnerability: Code Execution Description: Conti looks for and loads a DLL named

[FD] RedLine.Stealer / Code Execution

2022-05-05 Thread malvuln
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/0adb0e2ac8aa969fb088ee95c4a91536.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: RedLine.Stealer Vulnerability: Code Execution Description: RedLine looks for and loads a DLL named

[FD] REvil Ransom / Code Execution

2022-05-05 Thread malvuln
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/7d7ee58c2696794b3be958b165eb61a9.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: REvil Ransom Vulnerability: Code Execution Description: REvil looks for and executes DLLs in its

[FD] Conti Ransom / Code Execution

2022-05-05 Thread malvuln
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/9eb9197cd58f4417a27621c4e1b25a71.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Conti Ransom Vulnerability: Code Execution Description: Conti looks for and executes DLLs in its

[FD] LokiLocker Ransom / Code Execution

2022-05-05 Thread malvuln
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/2ffc2446a2a6cf04c06a85deb43b9fb8.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: LokiLocker Ransom Vulnerability: Code Execution Description: LokiLocker looks for and executes

[FD] BlackBasta Ransom / Code Execution

2022-05-05 Thread malvuln
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/998022b70d83c6de68e5bdf94e0f8d71.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: BlackBasta Ransom Vulnerability: Code Execution Description: BlackBasta looks for and loads a DLL

[FD] Ransom.AvosLocker / Code Execution

2022-05-02 Thread malvuln
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/40f2238875fcbd2a92cfefc4846a15a8.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Ransom.AvosLocker Vulnerability: Code Execution Description: The ransomware looks for and executes

[FD] Ransom.LockBit / DLL Hijacking

2022-05-02 Thread malvuln
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/96de05212b30ec85d4cf03386c1b84af.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Ransom.LockBit Vulnerability: DLL Hijacking Description: LockBit ransomware looks for and executes
