ProCurve TMS zl Module IPS/IDS Signature Reference Guide, Version RLX.10.2.2.94
operating systems. The backdoor uses a client-server relationship, where the server component is installed on the
victim's system and the remote attacker controls the client. Oblivion Backdoor is a Trojan that permits
unauthorized users to remotely manage and execute files, reconfigure the server for auto-launch, etc. Oblivion typically
runs from the server file "C:\WINDOWS\msload32.exe", which listens on TCP port 7826.
Signature ID: 3221
WinRAT BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. WinRAT is a backdoor Trojan affecting the Microsoft Windows family of
operating systems. The backdoor uses a client-server relationship, where the server component is installed on the
victim's system and the remote attacker controls the client. This signature detects WinRAT. WinRAT Backdoor
1.0 is a backdoor that permits unauthorized users to remotely alter the user interface, shut down Windows, shut down the
monitor, terminate the Internet connection, etc. WinRAT typically runs from the server file "C:\WINDOWS\START
MENU\PROGRAMS\STARTUP\STARTUP.EXE" and listens on TCP ports 23005 and 23006.
Signature ID: 3222
Osiris BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Osiris is a backdoor Trojan affecting the Microsoft Windows family of
operating systems. Osiris has multiple variations, including Osiris 1.30, Osiris 2.0, Osiris 2.1, and Osiris b. This
backdoor uses a client-server relationship, where the server component is installed on the victim's system and the
remote attacker controls the client. The Osiris backdoor permits unauthorized users to remotely gain access to the host
system and perform a variety of operations on it. Osiris typically listens on TCP ports 56565, 34343, and
45454.
Signature ID: 3223
OOTLT BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. This signature detects the OOTLT backdoor, which is also known as
'Peanut.a'. OOTLT is written in Visual Basic and affects the Microsoft Windows family of operating systems. The
backdoor uses a client-server relationship, where the server component is installed on the victim's system and the
remote attacker controls the client. The OOTLT backdoor allows unauthorized remote attackers to gain access to the
host system and perform a variety of operations. The server typically attempts to open TCP port 5011 to allow the
client system to connect. OOTLT could allow a remote attacker to gain unauthorized access to the system.
Signature ID: 3224
Optix Pro BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Optix is a backdoor Trojan affecting the Microsoft Windows family of
operating systems. Optix uses a client-server relationship, where the server component is installed on the victim's
system and the remote attacker controls the client. Optix Pro 1.0 is a Trojan backdoor that permits unauthorized
users to remotely disable personal firewalls and antivirus software, capture user passwords with a built-in
keylogger, etc. Optix Pro typically runs from the server file "c:\windows\spooll32.exe" and listens on TCP ports 3410
and 1025 and UDP port 1025. Optix has multiple variants. These include: Optix 0.3b, Optix 0.4, Optix Killer 3, Optix
Lite, Optix Lite 0.2, Optix Lite 0.4, Optix Lite 1.0, Optix Lite 5, Optix Pager, Optix Pro 1.0, Optix Pro 1.1, Optix Pro
1.2, Optix Pro 1.3, Optix Pro 1.31, Optix Pro 1.32, OptixKill 1.0, OptixKill 2.0, and OpWin 1.1.