Davep007, posted February 7, 2020

Is anyone familiar with VUBRUTE? Infected server had this on it. They were using the server as a host for their local work while they are in Russia. Initial hack originated from a Google account breach possibly. There was a Google breach and possibly a VPN breach, don't know which one was first.

itman, posted February 7, 2020

It's been around for a while:
https://www.hack2world.com/2015/12/vubrute-for-windows-tested.html
https://rstforums.com/forum/topic/101338-vubrute-10/

itman, posted February 7, 2020

Related brute force hack tools:

Quote

Legitimate remote administration tools used by attackers:
- RealVNC: Client / Server VNC.
- TightVNC: Client / Server VNC.
- NVNC: Server VNC.
- Ammyy: Client / Server for remote administration.
- Bitvise: Client / Server SSH.

Malicious tools developed by third parties:
- VNC-Scanner: scan tool that searches for vulnerable VNC machines and exploits vulnerabilities in this service.
- Fast RDP Brute: tool used in brute-force attacks to obtain access credentials on RDP systems.
- VUBrute: tool used in brute-force attacks to obtain access credentials on VNC systems.
- DUBrute: tool used in brute-force attacks to obtain access credentials on RDP systems.
- LameScan: tool used in brute-force attacks to obtain access credentials on Radmin systems.
- Advanced IP Scanner: network scanner and Trojan installer on RDP and Radmin systems.
- Sanmao Email Collector: collector of email addresses on websites.
- Sanmao Email Scraper: collects email addresses in search tools.
- Sanmao SMTP Mail Cracker: tool used in brute force attacks for email.

https://sidechannel.tempestsi.com/hydrapos-operation-of-brazilian-fraudsters-has-accumulated-at-least-1-4-million-card-data-b05d88ad3be0

Edited February 7, 2020 by itman

Davep007 (Author), posted February 7, 2020

Very little information about it. What we saw was it logging attempts made VPN's. The files were hidden; we could not find them, and the hacker actually VPN'd in while we were on the machine to get his text files that had the successful and non-successful IP addresses and passwords.

Davep007 (Author), posted February 7, 2020

He took us to the file when he went to retrieve the txt files.

Davep007 (Author), posted February 7, 2020

Is there an authority that investigates hacks, or do we simply just take it and shut up? Who do you call to report hacks?

Nightowl (Most Valued Members), posted February 7, 2020

35 minutes ago, Davep007 said:
    Is there an authority that investigates hacks, or do we simply just take it and shut up? Who do you call to report hacks?

That's a different story, which isn't one of the antivirus company's tasks. You need to call your local authorities who are responsible for cyber incidents; that will probably be the police if there is no special department.

itman, posted February 7, 2020

Appears latest ver. of VUBRUTE can be downloaded here: https://hackforums.net/showthread.php?tid=5821898. Of course, you will have to join the forum first ... 😰

Nightowl (Most Valued Members), posted February 9, 2020

On 2/7/2020 at 10:35 PM, itman said:
    Appears latest ver. of VUBRUTE can be downloaded here: https://hackforums.net/showthread.php?tid=5821898. Of course, you will have to join the forum first ... 😰

It's good to be able to have your hands on these kinds of brute force tools or other tools; it's helpful when you are testing your own network, but it's not when it's in the wrong hands and against you.