TeamViewer Attempting Connection via UDP Port 8333 - 8332 ?

imtriton
imtriton Posts: 3
edited May 2023 in General questions

When performing  investigations on Presence of BTC Mining on Enterprise Network.

In one of the event i see the below, TeamViewer trying to connect to an external Address using 8333 Port

As we are aware 8333 Port is used mostly for BTC Mining, Etc.ver.PNG

teamv.PNG

Can Anyone share their inputs on this? Or is this is a False Positive?

 AFAIK TeamViewer in first place has nothing to do with PORT 8333 / 8332.

 

 

 

 

Tagged:

Comments

  • Alitai
    Alitai Posts: 18 ✭✭

    First i would say can you check the Hash from the TeamViewer_Service.exe?

    My sha1 is: "83404CDDB0638A762F7E2FC2080D10F69D6F7AF1"

    Otherwise you can find the Ports Teamviewer use here:

    https://community.teamviewer.com/t5/Knowledge-Base/Which-ports-are-used-by-TeamViewer/ta-p/4139

    Sorry i can't really Help you but that's the first Point i would check.

    Regards

    Alitai

  • imtriton
    imtriton Posts: 3

    Dear Alitai,

    Thank You! I too in the first place had the same thought and verifed the executable and its the TeamViewer.

    Team#.PNG

     

  • Alitai
    Alitai Posts: 18 ✭✭

    Hi imtriton

    As expected it's the same hash...

    Go on a other Forum (like Reddit) and ask there if anybody has see the same in the Logs.

    Also i found this on Reddit:

    They say that they found also Logs that someone is using TV at night to in this case steal Bitconis. This has maybe nothing todo with your case but it's interesting, anyway i would check the Times of the Logs ect. and change the PW.

    Regards

    Alitai

  • imtriton
    imtriton Posts: 3

    Yea, I ll share the logs shortly to TV Support. To Investigate this further

Trustpilot

Categories

This Week's Leaders