|
Port 2005 Details
known port assignments and vulnerabilities
threat/application/port search:
| Port(s) |
Protocol |
Service |
Details |
Source |
| 2005 |
tcp |
trojans |
W32.Reatle.E@mm [Symantec-2005-080215-5809-99] (2005.08.02) - a mass-mailing worm that opens a backdoor and also spreads by exploiting the MS DCOM RPC Vulnerability ([MS03-026]) on port 135/tcp. It uses its own SMTP engine to email itself to gathered email addresses. Opens an FTP server on port 1155/tcp. Opens a proxy server on port 2005/tcp. It also attempts to perform denial of service (DDoS) attack agains known security websites on port 1052/tcp. Note: port 1052 corresponds to the dynamic DNS service.
Duddie, TransScout trojans also use port 2005 (TCP).
Backdoor.Win32.Delf.zs / Unauthenticated Remote Command Execution - Backdoor Delf.zs c0ded By Eb0La, is used to build backdoors that listen on TCP port 2005. Upon building it drops an executable named "[Shell_Me]_Server.exe." The name for the spawned backdoor defaults to "Syst32.exe" but can be customized. Third-party attackers who can reach infected systems can execute arbitrary commands by simply connecting to the backdoor which will return a remote shell to the infected host as no authentication exists.
References: [MVID-2021-0150] |
SG
|
| 2005 |
tcp |
trojan |
Duddie |
Trojans
|
| 2005 |
tcp |
deslogin |
encrypted symmetric telnet login |
SANS
|
| 2005 |
tcp |
TransScout |
[trojan] TransScout |
SANS
|
| 2005 |
tcp |
deslogin |
encrypted symmetric telnet/login |
Nmap
|
| 2005 |
udp |
oracle |
oracle |
Nmap
|
| 2005 |
tcp |
berknet |
berknet |
Neophasis
|
| 2005 |
tcp,udp |
threat |
W32.Reatle |
Bekkoame
|
|
8 records found
Related ports: 2002 2003 2004
|