Event ID - 2989

Port No: 2989
Service Name: BKDR_RAT
RFC Doc: 0
Protocol: UDP
Description: This backdoor program allows a remote user access to an infected computer. It has a server component that it installs on an infected computer and a client component that it uses to control and access an infected computer. It compromises network security.
Reference Link: BKDR_RAT
Attack / Solutions:

Once the server component is executed, it stays resident in memory. Thereafter, a remote user running the client component can log on and gain access to the computer infected with the server component.

This client component is capable of doing the following to an infected system:

View/Terminate list of processes running
Run a program
View/Remove/Add registry entries
View Network drives
Reboot the system
Change the port and password of the server
Log keystrokes and applications
Copy/View/Move/Delete/Find files
