When performing investigations on Presence of BTC Mining on Enterprise Network.
In one of the event i see the below, TeamViewer trying to connect to an external Address using 8333 Port
As we are aware 8333 Port is used mostly for BTC Mining, Etc.
Can Anyone share their inputs on this? Or is this is a False Positive?
AFAIK TeamViewer in first place has nothing to do with PORT 8333 / 8332.
First i would say can you check the Hash from the TeamViewer_Service.exe?
My sha1 is: "83404CDDB0638A762F7E2FC2080D10F69D6F7AF1"
Otherwise you can find the Ports Teamviewer use here:
Sorry i can't really Help you but that's the first Point i would check.
Thank You! I too in the first place had the same thought and verifed the executable and its the TeamViewer.
As expected it's the same hash...
Go on a other Forum (like Reddit) and ask there if anybody has see the same in the Logs.
Also i found this on Reddit:
They say that they found also Logs that someone is using TV at night to in this case steal Bitconis. This has maybe nothing todo with your case but it's interesting, anyway i would check the Times of the Logs ect. and change the PW.