SCAN: Canvas Helium Agent (1)

This signature detects Helium, a Python-based Trojan installed after a system is exploited by the Canvas Framework from Immunitysec. By default, Canvas uses port 31337, but an attacker can configure Canvas to use any port. Remote attackers can use the Helium Trojan to gain full access to the infected host, including loading programs such as port scanners, exploits, and distributed computing modules.

Short Name: SCAN:CANVAS:HELIUM-AGENT-1
Severity: Major
Recommended: False
Recommended Action: Drop
Category: SCAN
Keywords: (1) Agent Canvas Helium
Release Date: 02/12/2016
Supported Platforms:
  srx-branch-12.3
  srx-19.3
  srx-branch-19.3
  vsrx3bsd-19.2
  srx-branch-19.4
  vsrx-19.4
  mx-12.3
  mx-19.4
  vmx-19.4
  mx-19.3
  vsrx3bsd-19.4
  srx-19.4
  vsrx-12.3
  vmx-19.3
  vsrx-19.2
  srx-12.3
Sigpack Version: 3324
Port: TCP/0-79,81-442,444-3127,3129-7999,8001-8079,8081-65535
False Positive: Unknown
