KUKA.WorkVisual DeviceInfo

5 February 2022
Categories: threat-intelligence
Tags: tcp, 49003, kuka, robotics

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed.

KUKA.WorkVisual configuration software for KUKA KR C4 (Robotics) DeviceInfo call

Packet details

Protocol: TCP
Port: 49003
Content MD5: 785e181c-55a9-1ded-fcf4-d3d4a2e46104
Sample date time: 2022-01-27 08:55:43.745

ASCII
IP x.x.x.x is the WorkVisual endpoint IP
)net.tcp://x.x.x.x:49003/DeviceInfo *)net.tcp://x.x.x.x:49003/DeviceInfoV

HEX
000100010202296e65742e7463703a2f2f35322e3231302e3133312e3234323a34393030332f446576696365496e666f03080c0683012a296e65742e7463703a2f2f35322e3231302e3133312e3234323a34393030332f446576696365496e666f56020b0173040b0161065608440a1e0082ab9a05441aad03ce89d3e5e4e6469f3ece436eec3d29440c1e0082ab0101560e4298050a20429405442aab140142b205421ead08f1ec3fcf04c54ca1e279b7b678af4501010101

External reference: KUKA.WorkVisual, Endpoint analysis

Original packet: Bytes
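The leading bytes of the HEX field (`000100 0102 02 29 ... 0308 0c`) follow the preamble layout of .NET Message Framing, the transport behind `net.tcp://` endpoints that Microsoft documents as [MC-NMF]. The parser below is an added example, not part of the original note or of any KUKA code. It decodes that preamble and flags connections addressed to a `/DeviceInfo` endpoint on port 49003. The function names are hypothetical, and the sample bytes are constructed with the documentation address 192.0.2.10.

```python
from urllib.parse import urlsplit

# Mode record values defined by [MC-NMF]
MODES = {1: "singleton-unsized", 2: "duplex", 3: "simplex", 4: "singleton-sized"}

def read_varint(buf, pos):
    """Decode a 7-bits-per-byte little-endian length; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def parse_preamble(buf):
    """Return the preamble fields, or None if buf is not a net.tcp preamble."""
    try:
        # Version record (0x00 major minor), Mode record (0x01 mode), Via record (0x02 len uri)
        if buf[0] != 0x00 or buf[3] != 0x01 or buf[5] != 0x02:
            return None
        out = {"version": (buf[1], buf[2]), "mode": MODES.get(buf[4], buf[4])}
        length, pos = read_varint(buf, 6)
        if pos + length > len(buf):
            return None  # truncated capture
        out["via"] = buf[pos:pos + length].decode("utf-8")
        pos += length
        if buf[pos] == 0x03:  # Known Encoding record; 8 = binary with in-band dictionary
            out["encoding"] = buf[pos + 1]
            pos += 2
        out["preamble_end"] = buf[pos] == 0x0C
        return out
    except (IndexError, UnicodeDecodeError):
        return None

def is_deviceinfo_call(buf, port=49003):
    """True when the preamble targets net.tcp://<host>:<port>/DeviceInfo."""
    pre = parse_preamble(buf)
    if pre is None:
        return False
    try:
        url = urlsplit(pre["via"])
        return url.scheme == "net.tcp" and url.port == port and url.path == "/DeviceInfo"
    except ValueError:
        return False

# Constructed sample: same record layout as the HEX field, documentation address 192.0.2.10
SAMPLE_VIA = b"net.tcp://192.0.2.10:49003/DeviceInfo"
SAMPLE = (bytes.fromhex("0001000102") + b"\x02" + bytes([len(SAMPLE_VIA)])
          + SAMPLE_VIA + bytes.fromhex("03080c"))
```

Run against the first bytes of a TCP stream, `is_deviceinfo_call` helps separate this WorkVisual call from other traffic seen on port 49003.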