TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 3328
Backdoor YAT 3.01
Threat Level: Critical
Signature Description: Backdoor YAT 3.01 is a Trojan that opens up a backdoor program that, once installed on a
system, permits unauthorized users to remotely perform a variety of operations, such as changing the registry,
executing commands, starting services, listing files, and uploading or downloading files. YAT typically operates over
port 37653 via TCP.
Signature ID: 3329
Backdoor BlackCore 2.1
Threat Level: Critical
Signature Description: Backdoor BlackCore 2.1 is a backdoor program that affects the Microsoft Windows operating
system. The backdoor uses a client/server relationship, where the server component is installed on the victim's system
and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 55126, to allow
the client system to connect. Once installed on a system, it permits unauthorized users to remotely perform a variety of
operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. Administrators are advised to close port 55126 to external users.
Signature ID: 3330
Backdoor ColdFusion 1.2
Threat Level: Critical
Signature Description: Backdoor ColdFusion 1.2 is a backdoor program that affects the Microsoft Windows operating
system. The backdoor uses a client/server relationship, where the server component is installed on the victim's system
and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 5005, to allow
the client system to connect. Once installed on a system, it permits unauthorized users to remotely perform a variety of
operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. Administrators are advised to close port 5005 to external users.
Signature ID: 3331
Backdoor FeRAT 1.00
Threat Level: Critical
Signature Description: Backdoor FeRAT 1.00 is a backdoor program that affects the Microsoft Windows operating
system. The backdoor uses a client/server relationship, where the server component is installed on the victim's system
and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 1234, to allow
the client system to connect. Once installed on a system, it permits unauthorized users to remotely perform a variety of
operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. Administrators are advised to close port 1234 to external users.
Signature ID: 3332
Backdoor Hatredfiend 1.3
Threat Level: Critical
Signature Description: Backdoor Hatredfiend 1.3 is a backdoor program that affects the Microsoft Windows operating
system. The backdoor uses a client/server relationship, where the server component is installed on the victim's system
and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 18713, to allow
the client system to connect. Once installed on a system, it permits unauthorized users to remotely perform a variety of
operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. Administrators are advised to close port 18713 to external users.