TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
324
Signature ID: 3212
New Silencer BackDoor detection
Threat Level: Critical
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. The New silencer Backdoor is a backdoor program that permits
unauthorized users to remotely perform a variety of operations, such as changing the registry, executing commands,
starting services, listing files, and uploading or downloading files. The backdoor uses a client-server relationship,
where the server component is installed in the victim's system and the remote attacker has control of the client. New
Silencer server component typically listens TCP port 10101.
Signature ID: 3213
Nirvana BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. The Nirvana 1.94 is a backdoor that permits unauthorized users to
remotely perform a variety of operations, such as changing the registry, executing commands, starting services, listing
files, and uploading or downloading files. The Nirvana backdoor uses a client-server relationship, where the server
component is installed in the victim's system and the remote attacker has control of the client. Nirvana typically runs
from the server file "c:\WINDOWS\FONTS\Arial.exe" over TCP port 2255.
Signature ID: 3216
NOK NOK BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. NokNok is a backdoor Trojan that affects Microsoft Windows family
of operating systems. The backdoor uses a client-server relationship, where the server component is installed in the
victim's system and the remote attacker has control of the client. NokNok has multiple variants, including Noknok 5,
Noknok 6, Noknok 7, Noknok 7.2, Noknok 8, Noknok 8.0.b, Noknok 8.1, and Noknok 8.2. This signature detects
NokNok 7.0 backdoor. NokNok 7.0 Backdoor permits unauthorized users to remotely perform a variety of operations,
such as changing the registry, executing commands, starting services, listing files, and uploading or downloading files.
NokNok typically listens on TCP port 666.
Signature ID: 3219
NoSecure BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. NOSecure, also known as NOSecure DOS, is a backdoor affecting
Microsoft Windows family of operating systems. The backdoor uses a client-server relationship, where the server
component is installed in the victim's system and the remote attacker has control of the client. This signature detects
NoSecure Backdoor 1.2. NoSecure Backdoor 1.2 is a backdoor program that permits unauthorized users to remotely
log keystrokes, run applications, alter the user interface, shutdown windows, etc. NoSecure Backdoor 1.2 typically
listens on TCP ports 5933, 5221, 7290, and 7291.
Signature ID: 3220
Oblivion BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Oblivion is a backdoor Trojan affecting Microsoft Windows family of