Port 27374 Details
known port assignments and vulnerabilities
Port(s) | Protocol | Service | Details | Source
27374 | tcp,udp | SubSeven | Address Search Protocol Daemon (ASPD)
One of the most commonly probed ports; it is used by many trojans.
The SubSeven Trojan horse uses this port (TCP). It is also used as a backdoor port left behind by exploit scripts, such as those in the Ramen worm. While some scans for this port may be due to SubSeven, others may be looking for a remote shell.
Other trojan horses/backdoors that use this port: Bad Blood, Ramen, Seeker, Ttfloader, Webhead, TheSaint, Lion, EGO.
BackDoor-G [Symantec-2000-121907-4858-99] uses port 27374/tcp.
Backdoor.Win32.Jokerdoor / Weak Hardcoded Credentials - the malware listens on TCP port 27374. The password "mathiasJ" is weak and hardcoded in the PE file. Failed authentication generates a "POPUP incorrect password..." message, and using TELNET results in the error "PWDPerror reading password...". Using the Nc64.exe utility appends a trailing line feed character "\n" to the supplied password, which causes the cmp statement check to fail even if the password is correct.
References: [MVID-2022-0531]
Backdoor.Win32.Jokerdoor / Remote Stack Buffer Overflow - the malware listens on TCP port 27374. Attackers who can reach an infected system can send a large payload and trigger a classic stack buffer overflow, overwriting the ECX and EIP registers and the structured exception handler (SEH). On connecting, the server responds with "connected"; the payload is then supplied as a parameter prefixed by "DOS".
References: [MVID-2022-0628] | SG
27374 | tcp,udp | | Sub7 default. Most script kiddies do not change from this. (unofficial) | Wikipedia
27374 | tcp | trojan | Bad Blood, Fake SubSeven, li0n, Ramen, Seeker, SubSeven, SubSeven 2.1 Gold, Subseven 2.1.4 DefCon 8, SubSeven 2.2, SubSeven Muie, The Saint | Trojans
27374 | tcp | SubSeven | [trojan] SubSeven | SANS
27374 | tcp | subseven | Subseven Windows trojan | Nmap
27374 | tcp | BadBlood | [trojan] Bad Blood | Neophasis
27374 | tcp | EGO | [trojan] EGO | Neophasis
27374 | tcp | FakeSubSeven | [trojan] Fake SubSeven | Neophasis
27374 | tcp | Lion | [trojan] Lion | Neophasis
27374 | tcp | Ramen | [trojan] Ramen | Neophasis
27374 | tcp | Seeker | [trojan] Seeker | Neophasis
27374 | tcp | Subseven2.1.4DefCon8 | [trojan] Subseven 2.1.4 DefCon 8 | Neophasis
27374 | tcp | SubSeven2.1Gold | [trojan] SubSeven 2.1 Gold | Neophasis
27374 | tcp | SubSeven2.2 | [trojan] SubSeven 2.2 | Neophasis
27374 | tcp | SubSevenMuie | [trojan] SubSeven Muie | Neophasis
27374 | tcp | TheSaint | [trojan] The Saint | Neophasis
27374 | tcp | Ttfloader | [trojan] Ttfloader | Neophasis
27374 | tcp | Webhead | [trojan] Webhead | Neophasis
27374 | tcp,udp | threat | Bad Blood | Bekkoame
27374 | tcp,udp | threat | Baste | Bekkoame
27374 | tcp,udp | threat | Ramen | Bekkoame
27374 | tcp,udp | threat | Seeker | Bekkoame
27374 | tcp,udp | threat | SubSeven | Bekkoame
27374 | tcp,udp | threat | Subseven 2.1.4 DefCon 8 | Bekkoame
27374 | tcp,udp | threat | SubSeven Muie | Bekkoame
27374 | tcp,udp | threat | Ttfloader | Bekkoame
27346-27441 | tcp,udp | | Unassigned | IANA
27 records found