EC EHE - Trojan Ports

Ports represent the entry and exit points of data traffic. There are two types of ports: hardware ports and software ports. Ports within the OS are software ports, and they are usually entry and exit points for application traffic (e.g., port 25 is associated with SMTP for e-mail routing between mail servers). Many existing ports are application-specific or process-specific. Various Trojans use some of these ports to infect target systems.

Users need a basic understanding of the state of an "active connection” and ports commonly used by Trojans to determine whether a system has been compromised.

Among the various states, the “listening” state is the important one in this context. The system generates this state when it listens for a port number while waiting to connect to another system. Whenever a system reboots, Trojans move to the listening state; some use more than one port: one for "listening" and the other(s) for data transfer. Common ports used by different Trojans are listed in the table below.

 

Port

Trojan

Port

Trojan

2

Death

5001/50505

Sockets de Troie

20/22/80/
443

Emotet

5321

FireHotcker

21/3024/
4092/5742

WinCrash

5400-02

Blade Runner/Blade Runner 0.80 Alpha

21

Blade Runner, Doly Trojan, Fore,
Invisible FTP, WebEx, WinCrash, DarkFTP

5569

 Robo-Hack

22

Shaft, SSH RAT, Linux Rabbit

6267

GW Girl

23

Tiny Telnet Server, EliteWrap

6400

Thing

25

Antigen, Email Password Sender, Terminator, WinPC, WinSpy, Haebu Coceda, Shtrilitz Stealth, Terminator, Kuang2 0.17A-0.30, Jesrto, Lazarus Group, Mis-Type, Night Dragon

6666

KilerRat, Houdini RAT

26

BadPatch

6667/12349

Bionet, Magic Hound

31/456

Hackers Paradise

6670-71

 DeepThroat

53

Denis, Ebury, FIN7, Lazarus Group, RedLeaves, Threat Group-3390, Tropic Trooper

6969

 GateCrasher, Priority

68

Mspy

7000

 Remote Grab

80

Necurs, NetWire, Ismdoor, Poison Ivy, Executer, Codered, APT 18, APT 19, APT 32, BBSRAT, Calisto, Carbanak, Carbon, Comnie, Empire, FIN7, InvisiMole, Lazarus Group, MirageFox, Mis-Type, Misdat, Mivast, MoonWind, Night Dragon, POWERSTATS, RedLeaves, S-Type, Threat Group-3390, UBoatRAT

7300-08

 NetMonitor

113

Shiver

7300/31338/31339

Net Spy

139

Nuker, Dragonfly 2.0

7597

Qaz

421

TCP Wrappers Trojan

7626

Gdoor

443

ADVSTORESHELL , APT 29, APT 3, APT 33, AuditCred, BADCALL, BBSRAT, Bisonal, Briba, Carbanak, Cardinal RAT, Comnie, Derusbi, ELMER, Empire, FELIXROOT, FIN7, FIN8 , gh0st RAT, HARDRAIN, Hi-Zor, HOPLIGHT, KEYMARBLE, Lazarus Group, LOWBALL, Mis-Type, Misdat, MoonWind, Naid, Nidiran, Pasam, PlugX, PowerDuke, POWERTON, Proxysvc, RATANKBA, RedLeaves, S-Type, TEMP.Veles , Threat Group-3390, TrickBot, Tropic Trooper, TYPEFRAME, UBoatRAT

7777

GodMsg

445

WannaCry, Petya, Dragonfly 2.0

7789

 ICKiller

456

Hackers Paradise

8000

BADCALL, Comnie, Volgmer

555

Ini-Killer, Phase Zero, Stealth Spy

8012

Ptakks

666

Satanz Backdoor, Ripper

8080

Zeus, APT 37, Comnie, EvilGrab, FELIXROOT, FIN7, HTTPBrowser, Lazarus Group, Magic Hound, OceanSalt, S-Type, Shamoon, TYPEFRAME, Volgmer

1001

Silencer, WebEx

8443

FELIXROOT, Nidiran, TYPEFRAME

1011

Doly Trojan

8787/54321

 BackOfrice 2000

1026/
64666

RSM

9989

 iNi-Killer

1095-98

RAT

10048

Delf

1170

Psyber Stream Server, Voice

10100

Gift

1177

njRAT

10607

 Coma 1.0.9

1234

Ultors Trojan

11000

Senna Spy

1234/
12345

Valvo line

11223

 Progenic Trojan

1243

SubSeven 1.0 – 1.8

12223

 Hack´99 KeyLogger

1243/6711/6776/27374

Sub Seven

12345-46

 GabanBus, NetBus

1245

VooDoo Doll

12361, 12362

Whack-a-mole

1777

Java RAT, Agent.BTZ/ComRat, Adwind RAT

16969

Priority

1349

Back Office DLL

20001

Millennium

1492

FTP99CMP

20034/1120

NetBus 2.0, Beta-
NetBus 2.01

1433

Misdat

21544

GirlFriend 1.0, Beta-1.35

1600

Shivka-Burka

22222/
33333

Prosiak

1604

DarkComet RAT, Pandora RAT, HellSpy RAT

22222

Rux

1807

SpySender

23432


Asylum

1863

XtremeRAT

23456

Evil FTP, Ugly FTP

1981

Shockrave

25685

Moon Pie

1999

BackDoor 1.00-1.03

26274

Delta

2001

Trojan Cow

30100-02

NetSphere 1.27a

2115

Bugs

31337-38

Back Orifice/ Back Orifice 1.20 /Deep BO

2140

The Invasor

31338

DeepBO

2140/3150

DeepThroat

31339

NetSpy DK

2155

Illusion Mailer, Nirvana

31666

BOWhack

2801

Phineas Phucker

34324

BigGluck, TN

3129

Masters Paradise

40412

The Spy

3131

SubSari

40421-26

Masters Paradise

3150

The Invasor

47262

Delta

3389

RDP

50766

Fore

3700/9872-9875/10067/10167

Portal of Doom

53001

Remote Windows
Shutdown

4000

RA

54321

SchoolBus .69-1.11 /

4567

File Nail 1

61466

Telecommando

4590

ICQTrojan

65000

Devil

5000

Bubbel, SpyGate RAT, Punisher RAT

 

 

 

Comments

Post a Comment

Popular posts from this blog

Why Certifications Methods?

Hey there, Let’s take a step back and change our perspective: Approach certifications as a means to enrich your knowledge and skills, rather than merely a stepping stone to monetary gain or career advancement. Certifications should be about self-improvement and mastery , not just a checkbox on a resume. Embrace the journey of learning for its own sake, and watch how it transforms your personal and professional life in ways you never imagined. The Real Reason Behind Certifications The commercial marketing driving force of certifications is often centered around securing a new or better job. But I urge you to reconsider if this is your primary motivation . Take a moment to reflect on your personal development and your deepest interests within the realm of technology.  Is your passion in: Programming Crafting elegant code and solving complex problems? System Administration, Ensuring seamless operations and managing vast networks? Data Analytics Unraveling the stories hidden within data?
Read blog »

LPI E - ALL K.D.

Image
LPI Linux Essentials Outline All Knowledge Domains and Links to LPI One last check before test! Introduction to Linux >> 1.1 Linux Evolution and Popular Operating Systems >> 1.2 Major Open Source Applications >> 1.3 Open Source Software and Licensing >> 1.4 ICT Skills and Working in Linux Linux Evolution and Popular Operating Systems: This domain covers the history of Linux and its evolution, as well as an overview of popular Linux distributions. Major Open Source Applications: It focuses on introducing commonly used open source applications in the Linux ecosystem, such as LibreOffice, Firefox, and GIMP. Open Source Software and Licensing: This domain covers the concepts of open source software, different types of licenses, and their implications. ICT Skills and Working in Linux: It provides an overview of the basic information and communication technology (ICT) skills needed to work with Linux and explains the benefits of using Linux in variou
Read blog »

CCNP 03 - WANS

Image
WAN Problem Areas Certification Objectives Point-to-Point Protocols Switched Protocols      In this chapter, we will discuss troubleshooting point-to-point and switched protocols. It’s very important to understand the concepts and functionality of each protocol. We will discuss the HDLC and SDLC encapsulation methods, as well as both CHAP and PAP authentications via PPP. We will identify ISDN, Frame Relay, X.25, SMDS, and ATM transmissions and common problems associated with each of them. Point-to-Point Protocol      In the 1980s, the Internet really started to come to life due to its usage by the U.S. government, universities, and large corporations. These hosts were being supported by the Internet Protocol (IP) and connected via a series of LANs. The most common of these LANs was the Ethernet. Other hosts were connected through WANs, using technologies such as X.25. This eventually evolved into the need to transmit data via the original method used before networking was ever establis
Read blog »