TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
335
Signature ID: 3279
Backdoor Latinus 1.0
Threat Level: Critical
Signature Description: Backdoor Latinus 1.0 is a Trojan that opens up a backdoor program that, once installed on a
system, permits unauthorized users to remotely perform a variety of operations, such as changing the registry,
executing commands, starting services, listing files, and uploading or downloading files. It installs itself as
MSLAT.EXE in the Windows directory. It uses a client/server relationship, where the server component is installed on
the victim's system and the remote attacker has control of the client. Latinus typically runs from the server file
"c:\WINDOWS\msHtml.exe" over ports 11831 and 29559 via TCP.
Signature ID: 3280
Backdoor Latinus 1.2
Threat Level: Critical
Signature Description: Backdoor Latinus 1.2 is a Trojan that opens up a backdoor program that, once installed on a
system, permits unauthorized users to remotely perform a variety of operations, such as changing the registry,
executing commands, starting services, listing files, and uploading or downloading files. It installs itself as
MSLAT.EXE in the Windows directory. It uses a client/server relationship, where the server component is installed on
the victim's system and the remote attacker has control of the client. Latinus typically runs from the server file
"c:\WINDOWS\msHtml.exe" over ports 11831, 21957 and 29559 via TCP. This signature triggers on using the TCP
port 24289.
Signature ID: 3281
Backdoor Latinus 1.2
Threat Level: Critical
Signature Description: Backdoor Latinus 1.2 is a Trojan that opens up a backdoor program that, once installed on a
system, permits unauthorized users to remotely perform a variety of operations, such as changing the registry,
executing commands, starting services, listing files, and uploading or downloading files. It installs itself as
MSLAT.EXE in the Windows directory. It uses a client/server relationship, where the server component is installed on
the victim's system and the remote attacker has control of the client. Latinus typically runs from the server file
"c:\WINDOWS\msHtml.exe" over ports 11831, 21957 and 29559 via TCP. This signature triggers on using the TCP
port 21957.
Signature ID: 3282
Backdoor Latinus 1.3
Threat Level: Critical
Signature Description: Backdoor Latinus 1.3 is a Trojan that opens up a backdoor program that, once installed on a
system, permits unauthorized users to remotely perform a variety of operations, such as changing the registry,
executing commands, starting services, listing files, and uploading or downloading files. It installs itself as
MSLAT.EXE in the Windows directory. It uses a client/server relationship, where the server component is installed on
the victim's system and the remote attacker has control of the client. Latinus typically runs from the server file
"c:\WINDOWS\msHtml.exe" over ports 11831, 21957 and 29559 via TCP.
Signature ID: 3283
Backdoor Latinus 1.4
Threat Level: Critical
Signature Description: Backdoor Latinus 1.4 is a Trojan that opens up a backdoor program that, once installed on a
system, permits unauthorized users to remotely perform a variety of operations, such as changing the registry,
executing commands, starting services, listing files, and uploading or downloading files. It installs itself as
MSLAT.EXE in the Windows directory. It uses a client/server relationship, where the server component is installed on