Jump to content

Vubrute

Davep007

By Davep007
in Malware Finding and Cleaning

 Share

Recommended Posts

Davep007

Davep007 0

Posted
Posted

Is anyone familiar with VUBRUTE. Infected server had this on it. They were using the server as a host for their local work while they are in Russia. Initial hack originated from a google account breach possibly. There was a google breach and possibly a VPN breach, don't know which one was first.

 

iufQOm1OtJOl69W3AF_xAN2EOcVSK5aj8UVOAA97

Link to comment
Share on other sites
  • Marcos changed the title to Vubrute
itman

itman 1,659

Posted
Posted (edited)

Related brute force hack tools:

Quote

Legitimate remote administration tools used by attackers:

  • RealVNC: Client / Server VNC.
  • ThighVNC: Client / Server VNC.
  • NVNC: Server VNC.
  • Ammyy: Client / Server for remote administration.
  • Bitvise: Client / Server SSH.

Malicious tools developed by third parties:

  • VNC-Scanner: scan tool that searches for vulnerable VNC machines and exploits vulnerabilities in this service.
  • Fast RDP Brute: tool used in brute-force attacks to obtain access credentials on RDP systems.
  • VUBrute: tool used in brute-force attacks to obtain access credentials on VNC systems.
  • DUBrute: tool used in brute-force attacks to obtain access credentials on RDP systems.
  • LameScan: tool used in brute-force attacks to obtain access credentials on Radmin systems.
  • Advanced IP Scanner: network scanner and Trojan installer on RDP and Radmin systems.
  • Sanmao Email Collector: collector of email addresses on websites.
  • Sanmao Email Scraper: collects email addresses in search tools.
  • Sanmao SMTP Mail Cracker: tool used in brute force attacks for email.

 

https://sidechannel.tempestsi.com/hydrapos-operation-of-brazilian-fraudsters-has-accumulated-at-least-1-4-million-card-data-b05d88ad3be0

Edited by itman
Link to comment
Share on other sites
Davep007

Davep007 0

Posted
  • Author
Posted

Very little information about it. What we saw was it logging attempts made VPN's. The files were hidden we could not find them and the hacker actually VPN'd in while were on the machine to get his text files that had the successful and non successful IP addresses and passwords.

Link to comment
Share on other sites
  • Most Valued Members
Nightowl

Nightowl 202

Posted
  • Most Valued Members
Posted
35 minutes ago, Davep007 said:

Is there an authority that investigates hacks. or do we simply just take it and shut up? Who do you call to report hacks?

 

That's a different story which isn't on the Antivirus' company tasks

You need to call your local authorities who are responsible for cyber incidents , that will be probably the Police if there is no special department.

Link to comment
Share on other sites
  • Most Valued Members
Nightowl

Nightowl 202

Posted
  • Most Valued Members
Posted
On 2/7/2020 at 10:35 PM, itman said:

Appears latest ver. of VUBRUTE can be downloaded here: https://hackforums.net/showthread.php?tid=5821898 . Of course, you will have to join the forum first ............. 😰

It's good to be able to have your hands on these kinds of brute force tools or another tools , it's helpful when you are testing your own network , but it's not when it's in the wrong hands and against you.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...