Posted by malvuln on Jan 22
Discovery / credits: Malvuln – malvuln.com (c) 2021
Original source: https://malvuln.com/advisory/ba815d409cd714c0eac010b5970f6408.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Onalf
Vulnerability: Missing Authentication
Description: WinRemoteShell (Onalf) listens for commands on TCP port
2020. Interestingly, it will only start listening once it can connect
outbound to SMTP port 25. Not much of a self…
Published on: Full Disclosure
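A defender-side correlation of the sequence the advisory describes (an outbound connection to SMTP port 25, then a listener on TCP port 2020), as an added example that is not part of the original advisory. The log format, host and process names, the 10-minute window and the two severity labels are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

SMTP_PORT = 25      # outbound check named in the advisory
LISTEN_PORT = 2020  # command listener named in the advisory
WINDOW = timedelta(minutes=10)  # assumption: how soon the listener follows

# Constructed sample events: timestamp host process action endpoint
SAMPLE_LOG = """
2021-01-22T10:00:01 ws-014 svc.exe:4312 connect 203.0.113.7:25
2021-01-22T10:00:03 ws-014 svc.exe:4312 listen 0.0.0.0:2020
2021-01-22T10:05:00 mail-01 mta.exe:880 connect 198.51.100.9:25
2021-01-22T10:06:00 ws-020 dev.exe:1500 listen 0.0.0.0:2020
2021-01-22T11:30:00 ws-031 x.exe:2224 connect 203.0.113.7:25
2021-01-22T12:30:00 ws-031 x.exe:2224 listen 0.0.0.0:2020
"""

def parse(log):
    """Yield (time, host, process, action, port) for each non-empty line."""
    for line in log.strip().splitlines():
        ts, host, proc, action, endpoint = line.split()
        port = int(endpoint.rsplit(":", 1)[1])
        yield datetime.fromisoformat(ts), host, proc, action, port

def find_listeners(log, window=WINDOW):
    """Flag listeners on TCP 2020; 'high' if the same process on the same
    host made an outbound SMTP connection within `window` beforehand,
    otherwise 'low' (port 2020 alone is weak evidence)."""
    last_smtp = {}  # (host, process) -> time of latest outbound SMTP connect
    alerts = []
    for ts, host, proc, action, port in sorted(parse(log)):
        key = (host, proc)
        if action == "connect" and port == SMTP_PORT:
            last_smtp[key] = ts
        elif action == "listen" and port == LISTEN_PORT:
            seen = last_smtp.get(key)
            correlated = seen is not None and ts - seen <= window
            alerts.append((host, proc, ts.isoformat(),
                           "high" if correlated else "low"))
    return alerts

if __name__ == "__main__":
    for alert in find_listeners(SAMPLE_LOG):
        print(alert)
```
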