Chapter 1 - 03 - Define Malware and its Types - 07_ocred.pdf

Full Transcript


Certified Cybersecurity Technician
Information Security Threats and Vulnerabilities
Exam 212-82

Common Ports used by Trojans

Port | Trojan
20/22/80/443 | Emotet
21 | Blade Runner, DarkFTP
22 | SSH RAT, Linux Rabbit
23 | EliteWrap
68 | Mspy
80 | Ismdoor, Poison Ivy, POWERSTATS
443 | Cardinal RAT, gh0st RAT, TrickBot
445 | WannaCry, Petya
1177 | njRAT
1604 | DarkComet RAT, Pandora RAT
1807 | SpySender
1863 | XtremeRAT
2140/3150/6670-71 | Deep Throat
5000 | SpyGate RAT, Punisher RAT
5400-02 | Blade Runner
6666 | KilerRat, Houdini RAT
6667/12349 | Bionet, Magic Hound
6969 | GateCrasher, Priority
7000 | Remote Grab
7789 | ICKiller
8080 | Zeus, Shamoon
8787/54321 | Back Orifice 2000
10048 | Delf
10100 | Gift
11000 | Senna Spy
11223 | Progenic Trojan
12223 | Hack'99 KeyLogger
23456 | Evil FTP, Ugly FTP
31337-38 | Back Orifice, Deep BO
65000 | Devil

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Ports represent the entry and exit points of data traffic. There are two types of ports: hardware ports and software ports. Ports within the OS are software ports, and they are usually entry and exit points for application traffic (e.g., port 25 is associated with SMTP for e-mail routing between mail servers). Many existing ports are application-specific or process-specific. Various Trojans use some of these ports to infect target systems.

Users need a basic understanding of the state of an "active connection" and of the ports commonly used by Trojans to determine whether a system has been compromised. Among the various states, the "listening" state is the important one in this context. The system generates this state when it listens on a port number while waiting to connect to another system. Whenever a system reboots, Trojans move to the listening state; some use more than one port: one for "listening" and the other(s) for data transfer. Common ports used by different Trojans are listed in the table below.
Port | Trojan
2 | Death
20/22/80/443 | Emotet
21/3024/4092/5742 | WinCrash
21 | Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash, DarkFTP
22 | Shaft, SSH RAT, Linux Rabbit
23 | Tiny Telnet Server, EliteWrap
25 | Antigen, Email Password Sender, Terminator, WinPC, WinSpy, Haebu Coceda, Shtrilitz Stealth, Terminator, Kuang2 0.17A-0.30, Jesrto, Lazarus Group, Mis-Type, Night Dragon
26 | BadPatch
31/456 | Hackers Paradise
53 | Denis, Ebury, FIN7, Lazarus Group, RedLeaves, Threat Group-3390, Tropic Trooper
68 | Mspy
80 | Necurs, NetWire, Ismdoor, Poison Ivy, Executer, Codered, APT 18, APT 19, APT 32, BBSRAT, Calisto, Carbanak, Carbon, Comnie, Empire, FIN7, InvisiMole, Lazarus Group, MirageFox, Mis-Type, Misdat, Mivast, MoonWind, Night Dragon, POWERSTATS, RedLeaves, S-Type, Threat Group-3390, UBoatRAT
113 | Shiver
139 | Nuker, Dragonfly 2.0
421 | TCP Wrappers Trojan
443 | ADVSTORESHELL, APT 29, APT 3, APT 33, AuditCred, BADCALL, BBSRAT, Bisonal, Briba, Carbanak, Cardinal RAT, Comnie, Derusbi, ELMER, Empire, FELIXROOT, FIN7, FIN8, gh0st RAT, HARDRAIN, Hi-Zor, HOPLIGHT, KEYMARBLE, Lazarus Group, LOWBALL, Mis-Type, Misdat, MoonWind, Naid, Nidiran, Pasam, PlugX, PowerDuke, POWERTON, Proxysvc, RATANKBA, RedLeaves, S-Type, TEMP.Veles, Threat Group-3390, TrickBot, Tropic Trooper, TYPEFRAME, UBoatRAT
445 | WannaCry, Petya, Dragonfly 2.0
456 | Hackers Paradise
555 | Ini-Killer, Phase Zero, Stealth Spy
666 | Satanz Backdoor, Ripper
1001 | Silencer, WebEx
1011 | Doly Trojan
1026/64666 | [illegible]
1095-98 | RAT
1170 | Psyber Stream Server, Voice
1177 | njRAT
1234 | Ultors Trojan
1234/12345 | Valvo line
1243 | SubSeven 1.0-1.8
1243/6711/6776/27374 | Sub Seven
1245 | VooDoo Doll
1349 | Back Office DLL
1433 | Misdat
1492 | FTP99CMP
1600 | Shivka-Burka
1604 | DarkComet RAT, Pandora RAT, HellSpy
1777 | Java RAT, Agent.BTZ/ComRat, Adwind RAT
1807 | SpySender
1863 | XtremeRAT
1981 | Shockrave
1999 | BackDoor 1.00-1.03
2001 | Trojan Cow
2115 | [illegible]
2140 | The Invasor
2140/3150 | DeepThroat
2155 | Illusion Mailer, Nirvana
2801 | Phineas Phucker
3129 | Masters Paradise
3131 | SubSari
3150 | The Invasor
3389 | RDP
[illegible]/10167 | Portal of Doom
4000 | RA
4567 | File Nail 1
4590 | ICQTrojan
5000 | Bubbel, SpyGate RAT, Punisher RAT
5001/50505 | Sockets de Troie
5321 | FireHotcker
5400-02 | Blade Runner/Blade Runner 0.80 Alpha
5569 | Robo-Hack
6267 | GW Girl
6400 | Thing
6666 | KilerRat, Houdini RAT
6667/12349 | Bionet, Magic Hound
6670-71 | DeepThroat
6969 | GateCrasher, Priority
7000 | Remote Grab
7300-08 | NetMonitor
7300/31338/31339 | Net Spy
7597 | Qaz
7626 | Gdoor
7777 | GodMsg
7789 | ICKiller
8000 | BADCALL, Comnie, Volgmer
8012 | Ptakks
8080 | Zeus, APT 37, Comnie, EvilGrab, FELIXROOT, FIN7, HTTPBrowser, Lazarus Group, Magic Hound, OceanSalt, S-Type, Shamoon, TYPEFRAME, Volgmer
8443 | FELIXROOT, Nidiran, TYPEFRAME
8787/54321 | Back Orifice 2000
9989 | iNi-Killer
10048 | Delf
10100 | Gift
10607 | Coma 1.0.9
11000 | Senna Spy
11223 | Progenic Trojan
12223 | Hack'99 KeyLogger
12345-46 | GabanBus, NetBus
12361, 12362 | Whack-a-mole
16969 | Priority
20001 | Millennium
20034/1120 | [illegible]
21544 | GirlFriend 1.0, Beta-1.35
22222/33333 | Prosiak
22222 | RuX
23432 | Asylum
23456 | Evil FTP, Ugly FTP
25685 | Moon Pie
26274 | Delta
30100-02 | NetSphere 1.27a
31337-38 | Back Orifice/Back Orifice 1.20/Deep BO
31338 | DeepBO
31339 | NetSpy DK
31666 | BOWhack
34324 | BigGluck, TN
40412 | The Spy
40421-26 | Masters Paradise
47262 | Delta
50766 | Fore
53001 | [illegible]
54321 | SchoolBus .69-1.11
61466 | Telecommando
65000 | Devil

Table 1.1: Trojans and corresponding port of attack
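The check described in the text, as an added example that is not part of the original courseware: it expands the table's port notation ("5400-02", "6667/12349"), reads netstat-style output, and reports only sockets in the listening state whose port appears in the table. The `TABLE` subset, the `COMMON_SERVICE_PORTS` split and the sample output are assumptions made for illustration.

```python
# Subset of Table 1.1, kept in the table's own port notation.
TABLE = {"20/22/80/443": "Emotet", "1177": "njRAT", "5400-02": "Blade Runner",
         "6667/12349": "Bionet, Magic Hound", "31337-38": "Back Orifice, Deep BO"}
# Assumption (not from the page): ports that ordinary services also use are
# reported separately; a listener there calls for a process check first.
COMMON_SERVICE_PORTS = {20, 21, 22, 25, 53, 80, 443, 445, 3389, 8080}

def expand(spec):
    """Expand table notation: '6667/12349' is a list, '5400-02' means 5400..5402."""
    ports = set()
    for part in spec.split("/"):
        first, _, suffix = part.partition("-")
        last = first[: len(first) - len(suffix)] + suffix  # suffix replaces trailing digits
        ports.update(range(int(first), int(last) + 1))
    return ports

WATCHLIST = {p: names for spec, names in TABLE.items() for p in expand(spec)}

def listening_ports(netstat_text):
    """Local TCP ports in the listening state (Windows LISTENING, Linux LISTEN)."""
    ports = set()
    for line in netstat_text.splitlines():
        tok = line.split()
        if not tok or not tok[0].lower().startswith("tcp"):
            continue
        state = [i for i, t in enumerate(tok) if t.upper() in ("LISTEN", "LISTENING")]
        if state and state[0] >= 2:
            local = tok[state[0] - 2]  # e.g. 0.0.0.0:443, [::]:445, :::22
            ports.add(int(local.rsplit(":", 1)[1]))
    return ports

def review(netstat_text):
    """Return (suspicious, needs_process_check): port -> Trojan names per the table."""
    hits = {p: WATCHLIST[p] for p in listening_ports(netstat_text) if p in WATCHLIST}
    suspicious = {p: n for p, n in hits.items() if p not in COMMON_SERVICE_PORTS}
    ambiguous = {p: n for p, n in hits.items() if p in COMMON_SERVICE_PORTS}
    return suspicious, ambiguous

# Constructed sample: Windows `netstat -ano` rows plus one Linux `netstat -tln` row.
# The ESTABLISHED row is an outbound connection, not a listener, so it is ignored.
SAMPLE = """\
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5401           0.0.0.0:0              LISTENING       2980
  TCP    10.0.0.5:49712         203.0.113.9:6667       ESTABLISHED     5120
tcp6       0      0 :::31338                :::*                    LISTEN
"""

if __name__ == "__main__":
    print(review(SAMPLE))
```

A port match is a lead to follow up by identifying the owning process, since many ports in the table (80, 443, 22) are also used by ordinary services.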
