Event ID - 31889

Port No: 31889
Service Name: BDDT
RFC Doc: 0
Protocol: TCP
Description: BDDT is a RAT written in the Delphi language by an author with the nickname godmch. Once installed, BDDT modifies the registry to ensure that it is executed whenever Windows starts. By default, BDDT monitors Transmission Control Protocol (TCP) port 31889. The BDDT server opens a backdoor and enables remote attackers to perform malicious actions, including executing programs, obtaining user information, and flooding the system to conduct a Denial of Service (DoS) attack.
Reference Link: More Information
Attack Name: BDDT

A Trojan horse is a malicious program hidden in normally useful and harmless software. Unlike viruses and worms, Trojan horse programs cannot replicate themselves. A backdoor is a method that attackers use to gain unauthorized access to a system. A Remote Administration Tool (RAT) is a kind of Trojan that enables remote attackers to gain full control over an infected machine.

A RAT typically uses the client/server communication model. The attack is conducted through a client program running on the attacker's machine, and a server program running on the target machine that opens a backdoor to receive commands from the client.

Backdoor BDDT is a Trojan that, once installed on a system, opens a backdoor permitting unauthorized users to remotely perform a variety of operations, such as changing the registry, executing commands, starting services, listing files, and uploading or downloading files. The BDDT Client operates over ports 32000 and 1025. The server runs from files "C:\WINDOWS\SYSTEM\JOJO.EXE" and "C:\WINDOWS\SYSTEM\MSRUN.EXE" over ports 1026, 10887, and 10889. Both use TCP.
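
A triage check built from the ports listed in this entry, added here as an example and not part of the original entry: it parses `netstat -ano` output and reports TCP sockets bound to a BDDT server port, along with the owning PIDs to compare against the two file names above. The netstat sample is constructed, and the function and field names are assumptions made for this example.

```python
import re

# Ports from the entry: 31889 is the default listener; the rest are the
# other ports the entry lists for the server.
BDDT_DEFAULT_PORT = 31889
BDDT_OTHER_SERVER_PORTS = {1026, 10887, 10889}

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:31889          0.0.0.0:0              LISTENING       2412
  TCP    0.0.0.0:10887          0.0.0.0:0              LISTENING       2412
  TCP    192.0.2.10:31889       198.51.100.7:32000     ESTABLISHED     2412
  TCP    192.0.2.10:49711       203.0.113.5:443        ESTABLISHED     3100
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:31889          *:*                                    1200
"""

# Proto, local addr:port, remote addr:port, state, PID. UDP rows carry no
# state column and the entry says BDDT uses TCP, so only TCP rows match.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def find_bddt_sockets(netstat_text):
    """Return one finding per TCP socket whose local port is a BDDT server port."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header lines, blank lines, UDP rows
        _local_ip, lport, remote_ip, rport, state, pid = m.groups()
        lport = int(lport)
        if lport == BDDT_DEFAULT_PORT:
            match = "default-port"
        elif lport in BDDT_OTHER_SERVER_PORTS:
            match = "other-server-port"
        else:
            continue
        findings.append({"port": lport, "state": state, "pid": int(pid),
                         "remote": f"{remote_ip}:{rport}", "match": match})
    return findings

def suspect_pids(findings):
    """PIDs to resolve to an image path and compare with JOJO.EXE / MSRUN.EXE."""
    return sorted({f["pid"] for f in findings})

if __name__ == "__main__":
    for f in find_bddt_sockets(SAMPLE_NETSTAT):
        print(f)
```

A port match alone is only a lead; resolving each reported PID to its executable path is what ties the socket to the files named in this entry.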
