
Commit 77c2873

Logic for judging suspicious or dangerous items
1 parent 08506ac commit 77c2873

2 files changed

+226
-0
lines changed


checkrules/dangerstcpports.dat

Lines changed: 225 additions & 0 deletions
@@ -0,0 +1,225 @@
1+
#病毒木马
2+
3+
31:木马Master Paradise、HackersParadise
4+
99:后门程序ncx99
5+
121:木马BO jammerkillahV
6+
135:DCOM服务,冲击波病毒利用,建议关闭
7+
445:Microsoft-DS,为共享默认开放,震荡波病毒利用,一般应关闭
8+
456:木马HACKERS PARADISE
9+
555:木马PhAse1.0、Stealth Spy、IniKiller
10+
666:木马Attack FTP、Satanz Backdoor
11+
1001:木马Silencer,WebEx
12+
1011:木马Doly
13+
1024:动态端口的开始,木马yai
14+
1025:inetinfo.exe(互联网信息服务)木马netspy
15+
1070:木马Psyber Stream,Streaming Audio
16+
1234:木马SubSeven2.0、Ultors Trojan
17+
1243:木马SubSeven1.0/1.9
18+
1245:木马Vodoo,GabanBus,NetBus,Vodoo
19+
1492:木马FTP99CMP
20+
1509:木马Psyber Streaming Server
21+
1524:许多攻击脚本安装一个后门SHELL在这个端口
22+
1524:FreeBSD (FBRK) Rootkit backdoor
23+
1600:木马Shivka-Burka
24+
1807:木马SpySender
25+
1981:木马ShockRave
26+
1984:Fuckit Rootkit
27+
1999:木马BackDoor,yai
28+
2000:木马GirlFriend 1.3、Millenium 1.0
29+
2001:木马Millenium 1.0、Trojan Cow,黑洞2001
30+
2006:CB Rootkit or w00tkit Rootkit SSH server
31+
2023:木马Pass Ripper
32+
2115:木马Bugs
33+
2128:MRK
34+
2140:木马Deep Throat 1.0/3.0,The Invasor
35+
2565:木马Striker
36+
2583:木马Wincrash 2.0
37+
2801:木马Phineas Phucker
38+
2847:诺顿反病毒服务
39+
3024:木马WinCrash
40+
3129:木马Master Paradise
41+
3150:木马The Invasor,deep throat
42+
3210:木马SchoolBus
43+
3333:木马Prosiak
44+
3700:木马Portal of Doom
45+
3996:木马RemoteAnything
46+
4060:木马RemoteAnything
47+
4092:木马WinCrash
48+
4590:木马ICQTrojan
49+
4950:木马IcqTrojan
50+
5000:木马blazer5,Sockets de Troie默认开放5000端口,一般应关闭
51+
5001:木马Sockets de Troie
52+
5321:木马Sockets de Troie
53+
5400:木马Blade Runner
54+
5401:木马Blade Runner
55+
5402:木马Blade Runner
56+
5550:木马xtcp
57+
5569:木马Robo-Hack
58+
5742:木马WinCrash1.03
59+
6267:木马广外女生
60+
6400:木马The tHing
61+
6666:rogue IRC bot
62+
6667:rogue IRC bot
63+
6668:rogue IRC bot
64+
6669:rogue IRC bot
65+
6670:木马Deep Throat
66+
6671:木马Deep Throat 3.0
67+
6883:木马DeltaSource
68+
6939:木马Indoctrination
69+
6969:木马Gatecrasher、Priority
70+
7000:木马Remote Grab
71+
7000:Possible rogue IRC bot
72+
7300:木马NetMonitor
73+
7301:木马NetMonitor
74+
7306:木马NetMonitor,NetSpy1.0
75+
7307:木马NetMonitor
76+
7308:木马NetMonitor
77+
7511:木马聪明基因
78+
7597:木马Quaz
79+
7626:木马冰河
80+
7676:木马Giscier
81+
7789:木马ICKiller
82+
8011:木马way2.4
83+
8225:木马灰鸽子
84+
8311:木马初恋情人
85+
9400:木马Incommand 1.0
86+
9401:木马Incommand 1.0
87+
9402:木马Incommand 1.0
88+
9872:木马Portal of Doom
89+
9873:木马Portal of Doom
90+
9874:木马Portal of Doom
91+
9875:木马Portal of Doom
92+
9899:木马InIkiller
93+
9989:木马iNi-Killer
94+
10067:木马iNi-Killer
95+
10167:木马iNi-Killer
96+
11000:木马SennaSpy
97+
11233:木马Progenic trojan
98+
12076:木马Telecommando
99+
12223:木马Hack‘99 KeyLogger
100+
12345:木马NetBus1.60/1.70、GabanBus
101+
12346:木马NetBus1.60/1.70、GabanBus
102+
12361:木马Whack-a-mole
103+
13000:Possible Universal Rootkit (URK) SSH server
104+
14856:Optic Kit (Tux)
105+
16959:木马Subseven
106+
16969:木马Priority
107+
19191:木马蓝色火焰
108+
20000:木马Millennium
109+
20001:木马Millennium
110+
20034:木马NetBus Pro
111+
21554:木马GirlFriend
112+
22222:木马Prosiak
113+
23444:木马网络公牛
114+
23456:木马Evil FTP、Ugly FTP
115+
25000:Possible Universal Rootkit (URK) component
116+
26274:木马Delta
117+
27374:木马Subseven 2.1
118+
29812:FreeBSD (FBRK) Rootkit default backdoor port
119+
30100:木马NetSphere
120+
30129:木马Masters Paradise
121+
30303:木马Socket23
122+
30999:木马Kuang
123+
31337:木马BO(Back Orifice)
124+
31337:Historical backdoor port
125+
31338:木马BO(Back Orifice),DeepBO
126+
31339:木马NetSpy DK
127+
31666:木马BOWhack
128+
32982:Solaris Wanuk
129+
33333:木马Prosiak
130+
33369:Volc Rootkit SSH server (divine)
131+
34324:木马Tiny Telnet Server、BigGluck、TN
132+
40412:木马The Spy
133+
40421:木马Masters Paradise
134+
40422:木马Masters Paradise
135+
40423:木马Masters Paradise
136+
40426:木马Masters Paradise
137+
43210:木马SchoolBus 1.0/2.0
138+
44445:木马Happypig
139+
47018:Possible Universal Rootkit (URK) component
140+
47107:T0rn
141+
47262:木马Delta
142+
50505:木马Sockets de Troie
143+
50766:木马Fore
144+
53001:木马Remote Windows Shutdown
145+
54320:木马bo2000
146+
54321:木马SchoolBus 1.0/2.0
147+
60922:zaRwT.KiT
148+
61466:木马Telecommando
149+
62883:Possible FreeBSD (FBRK) Rootkit default backdoor port
150+
65000:木马Devil 1.03
151+
65535:FreeBSD Rootkit (FBRK) telnet port
152+
153+
#挖矿矿池
154+
#格式:端口号:相关挖矿类型描述:对应进程名
155+
#X:代表未知进程
156+
1111:挖矿木马:X
157+
2222:挖矿木马:X
158+
3333:挖矿木马:X
159+
3367:ZCL挖矿木马(zclassic.f2pool.com):ZecMiner64
160+
3377:ZEN挖矿木马(zencash.f2pool.com):ZecMiner64
161+
3636:RVN挖矿木马(raven.f2pool.com):(sgminer|ccminer)
162+
4444:挖矿木马:X
163+
5555:挖矿木马:X
164+
5730:DCR挖矿木马(dcr.f2pool.com):
165+
5740:多功能挖矿木马([raven|xzc|dcr].f2pool.com):(ccminer|sgminer|cpuminer-avx2)
166+
5750:PGN挖矿木马(pigeon.f2pool.com):(sgminer|ccminer)
167+
6666:挖矿木马:X
168+
6688:ETH挖矿木马(eth.f2pool.com):EthDcrMiner64
169+
7777:ETH挖矿木马(eth.f2pool.com):EthDcrMiner64
170+
8008:ETH挖矿木马(eth.f2pool.com):EthDcrMiner64
171+
8118:ETC挖矿木马(etc.f2pool.com):EthDcrMiner64
172+
8220:8220挖矿木马:X
173+
8332:挖矿木马:X
174+
8333:挖矿木马:X
175+
8888:挖矿木马:X
176+
9008:XVG挖矿木马(xvg-blake2s.f2pool.com):ccminer
177+
9009:XVG挖矿木马(xvg-scrypt.f2pool.com):X
178+
9010:XVG挖矿木马(xvg-x17.f2pool.com):sgminer
179+
9011:XVG挖矿木马(xvg-groestl.f2pool.com):X
180+
9012:XVG挖矿木马(xvg-lyra.f2pool.com):(sgminer|ccminer)
181+
9221:BTM挖矿木马(btm.f2pool.com):(HSPMinerBTMiner_NebuTech)
182+
9327:litecoin挖矿:X
183+
9332:bitcoin挖矿:X
184+
9501:BCD挖矿木马(bcd-pool.beepool.org):ccminer
185+
9502:BTM挖矿木马(btm-pool.beepool.org):BTMinerNebuTech
186+
9503:HC挖矿木马(hc-pool.beepool.org):X
187+
9504:SUQA挖矿木马(suqa-pool.beepool.org):X
188+
9505:AE挖矿木马(ae-pool.beepool.org):(bminer|qskg_ae|HSPMinerAE)
189+
9507:BEAM挖矿木马(beam-pool.beepool.org):beam-cuda-miner
190+
9509:DASH挖矿木马(dash-pool.beepool.org):X
191+
9510:GRIN挖矿木马(grin-pool.beepool.org):miner
192+
9518:ETC挖矿木马(etc-pool.beepool.org):EthDcrMiner64
193+
9522:BCX挖矿木马(bcx-pool.beepool.org):ccminer
194+
9530:ETH挖矿木马(eth-pool.beepool.org):EthDcrMiner64
195+
9531:RVN挖矿木马(rvn-pool.beepool.org):ccminer
196+
9540:MOAC挖矿木马(moac-pool.beepool.org):EthDcrMiner64
197+
9568:DCR挖矿木马(dcr-pool.beepool.org):X
198+
9999:挖矿木马:X
199+
11110:DGB挖矿木马(dgb-sha256d.f2pool.com):X
200+
11112:DGB挖矿木马(dgb-groestl.f2pool.com):X
201+
11113:DGB挖矿木马(dgb-skein.f2pool.com):X
202+
11114:DGB挖矿木马(dgb-qubit.f2pool.com):X
203+
13333:ETN挖矿木马(etn.f2pool.com):(xmrig|NsCpuCNMiner64|xmrig-nvidia|ccminer-x64|xmrig-amd|NsGpuCNMiner)
204+
13531:XMR挖矿木马(xmr.f2pool.com):(xmrig|NsCpuCNMiner64|NsGpuCNMiner|xmrig-nvidia|xmrig-amd)
205+
13541:XMR挖矿木马(xmr-classic.f2pool.com):X
206+
13654:XDAG挖矿木马(xdag.f2pool.com):DaggerGpuMiner
207+
14433:挖矿木马:X
208+
14444:挖矿木马:X
209+
15555:PASC挖矿木马(pasc.f2pool.com):EthDcrMiner64
210+
20012:GIN挖矿木马(gin.f2pool.com):ccminer-x64
211+
20581:挖矿木马:X
212+
20593:MONA挖矿木马(mona.f2pool.com):ccminer-x64
213+
45560:XMR挖矿木马(xmr.pool.minergate.com):xmr-stak
214+
45590:挖矿木马:X
215+
45700:minergate.com挖矿木马:X
216+
45790:挖矿木马:X
217+
52137:WMAMiner挖矿蠕虫:X
218+
55335:挖矿木马:X
219+
65333:挖矿木马:X
220+
221+
222+
#代理
223+
1080:shadansocks客户端
224+
225+
#其他
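Review bot: the two sections of this file use different record layouts and nothing at the top of the file says so. The trojan section (31 through 65535) is `port:description`, while the mining section introduced by the `#格式:端口号:相关挖矿类型描述:对应进程名` comment is `port:description:process`, where the process field is sometimes a regex alternation such as `(sgminer|ccminer)`, sometimes the placeholder `X`, and once empty (`5730:DCR挖矿木马(dcr.f2pool.com):`). Move the format comment to the head of the file, state that the third field is optional, and make the loader split into at most three fields and treat a missing or `X` third field as "process unknown" rather than as a literal process name. Second, several ports appear more than once: 1524, 7000 and 31337 each have two lines in the trojan section, and 3333 and 6666 appear in both the trojan and the mining sections, so a loader keyed by port number will silently keep only the last description; either merge each duplicate into one line or have the loader accumulate descriptions per port. Third, `1080:shadansocks客户端` reads like a typo for shadowsocks. Finally, 135, 445, 1024 and 1025 are open on essentially every Windows host, so a match on port alone from this list should be reported as suspicious and correlated with the owning process before it is escalated to dangerous, which is what the third field of the mining section already makes possible.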

checkrules/dangersudpports.dat

Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
2001:Scalper
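Review bot: `2001:Scalper` is the only entry and the file carries no format comment, unlike the TCP list, so it is unclear whether the UDP file follows the two-field `port:description` layout or the three-field layout with a process name; add the same header comment here so one loader can parse both files, and give the entry the same level of detail as the TCP lines (what kind of item Scalper is and whether the port should normally be closed) so the matching logic can assign it a severity consistently with the TCP entries.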
