Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
PORT 995 465 993 SECURE EMAIL
2009-10-15	Deborah Hale	Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
PORT
2024-06-17/a>	Xavier Mertens	New NetSupport Campaign Delivered Through MSIX Packages
2024-04-25/a>	Jesse La Grew	Does it matter if iptables isn't running on my honeypot?
2023-08-18/a>	Xavier Mertens	From a Zalando Phishing to a RAT
2022-10-31/a>	Rob VandenBrink	NMAP without NMAP - Port Testing and Scanning with PowerShell
2022-10-21/a>	Brad Duncan	sczriptzzbn inject pushes malware for NetSupport RAT
2022-10-19/a>	Xavier Mertens	Are Internet Scanning Services Good or Bad for You?
2022-01-02/a>	Guy Bruneau	Exchange Server - Email Trapped in Transport Queues
2021-10-14/a>	Xavier Mertens	Port-Forwarding with Windows for the Win
2021-06-03/a>	Jim Clausing	Strange goings on with port 37
2021-02-25/a>	Jim Clausing	So where did those Satori attacks come from?
2021-02-16/a>	Jim Clausing	More weirdness on TCP port 26
2020-10-24/a>	Guy Bruneau	An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-02-05/a>	Brad Duncan	Fake browser update pages are "still a thing"
2019-11-19/a>	Johannes Ullrich	Cheap Chinese JAWS of DVR Exploitability on Port 60001
2019-08-01/a>	Johannes Ullrich	What is Listening On Port 9527/TCP?
2019-07-26/a>	Kevin Shortt	DVRIP Port 34567 - Uptick
2019-03-09/a>	Guy Bruneau	A Comparison Study of SSH Port Activity - TCP 22 & 2222
2018-12-16/a>	Guy Bruneau	Random Port Scan for Open RDP Backdoor
2018-01-09/a>	Jim Clausing	What is going on with port 3333?
2017-09-22/a>	Russell Eubanks	What is the State of Your Union?
2017-09-05/a>	Johannes Ullrich	The Mirai Botnet: A Look Back and Ahead At What's Next
2017-08-18/a>	Guy Bruneau	tshark 2.4 New Feature - Command Line Export Objects
2017-06-16/a>	Lorna Hutcheson	What is going on with Port 83?
2017-04-22/a>	Jim Clausing	WTF tcp port 81
2017-01-28/a>	Guy Bruneau	Request for Packets and Logs - TCP 5358
2017-01-10/a>	Johannes Ullrich	Port 37777 "MapTable" Requests
2016-05-26/a>	Xavier Mertens	Keeping an Eye on Tor Traffic
2016-04-25/a>	Guy Bruneau	Highlights from the 2016 HPE Annual Cyber Threat Report
2016-02-02/a>	Johannes Ullrich	Targeted IPv6 Scans Using pool.ntp.org .
2015-09-28/a>	Johannes Ullrich	"Transport of London" Malicious E-Mail
2015-06-27/a>	Guy Bruneau	Is Windows XP still around in your Network a year after Support Ended?
2015-04-08/a>	Tom Webb	Is it a breach or not?
2014-10-13/a>	Lorna Hutcheson	For or Against: Port Security for Network Access Control
2014-09-15/a>	Johannes Ullrich	Google DNS Server IP Address Spoofed for SNMP reflective Attacks
2014-07-05/a>	Guy Bruneau	Java Support ends for Windows XP
2014-06-11/a>	Daniel Wesemann	Help your pilot fly!
2014-05-23/a>	Richard Porter	Highlights from Cisco Live 2014 - The Internet of Everything
2014-03-26/a>	Johannes Ullrich	Let's Finally "Nail" This Port 5000 Traffic - Synology owners needed.
2014-03-13/a>	Daniel Wesemann	Identification and authentication are hard ... finding out intention is even harder
2014-03-06/a>	Mark Baggett	Port 5000 traffic and snort signature
2014-01-22/a>	Chris Mohan	Learning from the breaches that happens to others
2014-01-11/a>	Guy Bruneau	tcpflow 1.4.4 and some of its most Interesting Features
2014-01-02/a>	Johannes Ullrich	Scans Increase for New Linksys Backdoor (32764/TCP)
2013-11-25/a>	Johannes Ullrich	More Bad Port 0 Traffic
2013-11-22/a>	Rick Wanner	Port 0 DDOS
2013-10-30/a>	Russ McRee	SIR v15: Five good reasons to leave Windows XP behind
2013-05-19/a>	Kevin Shortt	Port 51616 - Got Packets?
2013-03-03/a>	Richard Porter	Uptick in MSSQL Activity
2013-01-08/a>	Richard Porter	Yahoo Web Interface Report: Compose and Send
2012-12-06/a>	Daniel Wesemann	Fake tech support calls - revisited
2012-10-03/a>	Kevin Shortt	Fake Support Calls Reported
2012-01-27/a>	Mark Hofman	CISCO Ironport C & M Series telnet vulnerability
2012-01-13/a>	Guy Bruneau	Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-11-11/a>	Rick Wanner	APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-10-25/a>	Chris Mohan	Recurring reporting made easy?
2011-08-25/a>	Kevin Shortt	Increased Traffic on Port 3389
2011-06-29/a>	Johannes Ullrich	Random SSL Tips and Tricks
2011-06-21/a>	Chris Mohan	Australian government security audit report shows tough love to agencies
2011-05-23/a>	Mark Hofman	Microsoft Support Scam (again)
2011-04-20/a>	Daniel Wesemann	Data Breach Investigations Report published by Verizon
2011-01-25/a>	Chris Mohan	Reviewing our preconceptions
2011-01-24/a>	Rob VandenBrink	Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2011-01-15/a>	Jim Clausing	What's up with port 8881?
2011-01-08/a>	Guy Bruneau	PandaLabs 2010 Annual Report
2010-11-24/a>	Jim Clausing	Help with odd port scans
2010-08-16/a>	Raul Siles	The Seven Deadly Sins of Security Vulnerability Reporting
2010-07-29/a>	Rob VandenBrink	The 2010 Verizon Data Breach Report is Out
2010-07-06/a>	Rob VandenBrink	Bogus Support Organizations use Live Operators to Install Malware
2010-06-15/a>	Manuel Humberto Santander Pelaez	Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-04-20/a>	Raul Siles	Are You Ready for a Transportation Collapse...?
2010-03-01/a>	Mark Hofman	Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update.
2010-02-03/a>	Rob VandenBrink	Support for Legacy Browsers
2010-01-09/a>	G. N. White	What's Up With All The Port Scanning Using TCP/6000 As A Source Port?
2009-10-28/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-25/a>	Lorna Hutcheson	Cyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-21/a>	Pedro Bueno	Cyber Security Awareness Month - Day 21 - Port 135
2009-10-17/a>	Rick Wanner	Cyber Security Awareness Month - Day 17 - Port 22/SSH
2009-10-15/a>	Deborah Hale	Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-10-11/a>	Mark Hofman	Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-08/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 8 - Port 25 - SMTP
2009-05-02/a>	Rick Wanner	Significant increase in port 2967 traffic
2009-04-15/a>	Marcus Sachs	2009 Data Breach Investigation Report
2009-01-21/a>	Raul Siles	Traffic increase for port UDP/8247
2008-12-16/a>	donald smith	Cisco's Annual Security report has been released.
2008-08-02/a>	Maarten Van Horenbeeck	A little of that human touch
2008-07-02/a>	Jim Clausing	The scoop on the spike in UDP port 7 traffic
2008-05-26/a>	Marcus Sachs	Port 1533 on the Rise
2008-04-27/a>	Marcus Sachs	What's With Port 20329?
2008-04-10/a>	Deborah Hale	DSLReports Being Attacked Again
2008-04-08/a>	Swa Frantzen	Symantec's Global Internet Security Threat Report
2006-11-29/a>	Toby Kohlenberg	New Vulnerability Announcement and patches from Apple
2006-09-21/a>	Johannes Ullrich	Apple updates Airport Drivers
995
2009-10-15/a>	Deborah Hale	Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
465
2009-10-15/a>	Deborah Hale	Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
993
2009-10-15/a>	Deborah Hale	Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
SECURE
2020-04-27/a>	Xavier Mertens	Powershell Payload Stored in a PSCredential Object
2010-07-24/a>	Manuel Humberto Santander Pelaez	Transmiting logon information unsecured in the network
2010-02-02/a>	Guy Bruneau	Cisco Secure Desktop Remote XSS Vulnerability
2009-10-17/a>	Rick Wanner	Cyber Security Awareness Month - Day 17 - Port 22/SSH
2009-10-15/a>	Deborah Hale	Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2008-10-22/a>	Mari Nichols	F-Secure and Trend Micro Release Critical Patches
EMAIL
2024-02-05/a>	Jesse La Grew	Public Information and Email Spam
2023-03-12/a>	Guy Bruneau	AsynRAT Trojan - Bill Payment (Pago de la factura)
2023-02-18/a>	Guy Bruneau	Spear Phishing Handlers for Username/Password
2023-01-05/a>	Brad Duncan	More Brazil malspam pushing Astaroth (Guildma) in January 2023
2022-12-30/a>	Jan Kopriva	SPF and DMARC use on GOV domains in different ccTLDs
2022-08-13/a>	Guy Bruneau	Phishing HTML Attachment as Voicemail Audio Transcription
2022-05-07/a>	Guy Bruneau	Phishing PDF Received in my ISC Mailbox
2022-05-05/a>	Brad Duncan	Password-protected Excel spreadsheet pushes Remcos RAT
2022-03-04/a>	Johannes Ullrich	Scam E-Mail Impersonating Red Cross
2021-11-14/a>	Didier Stevens	External Email System FBI Compromised: Sending Out Fake Warnings
2021-10-26/a>	Yee Ching Tok	Hunting for Phishing Sites Masquerading as Outlook Web Access
2021-10-22/a>	Brad Duncan	October 2021 Contest: Forensic Challenge
2021-05-22/a>	Xavier Mertens	"Serverless" Phishing Campaign
2021-02-26/a>	Guy Bruneau	Pretending to be an Outlook Version Update
2021-02-10/a>	Brad Duncan	Phishing message to the ISC handlers email distro
2020-11-18/a>	Xavier Mertens	When Security Controls Lead to Security Issues
2020-10-22/a>	Jan Kopriva	BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon
2020-10-09/a>	Jan Kopriva	Phishing kits as far as the eye can see
2020-09-21/a>	Jan Kopriva	Slightly broken overlay phishing
2020-06-18/a>	Jan Kopriva	Broken phishing accidentally exploiting Outlook zero-day
2020-05-27/a>	Jan Kopriva	Frankenstein's phishing using Google Cloud Storage
2020-04-13/a>	Jan Kopriva	Look at the same phishing campaign 3 months apart
2020-03-22/a>	Didier Stevens	More COVID-19 Themed Malware
2020-02-10/a>	Jan Kopriva	Current PayPal phishing campaign or "give me all your personal information"
2020-02-03/a>	Jan Kopriva	Analysis of a triple-encrypted AZORult downloader
2020-01-16/a>	Jan Kopriva	Picks of 2019 malware - the large, the small and the one full of null bytes
2019-12-15/a>	Didier Stevens	VirusTotal Email Submissions
2019-12-06/a>	Jan Kopriva	Phishing with a self-contained credentials-stealing webpage
2019-12-05/a>	Jan Kopriva	E-mail from Agent Tesla
2019-12-04/a>	Jan Kopriva	Analysis of a strangely poetic malware
2019-11-26/a>	Jan Kopriva	Lessons learned from playing a willing phish
2019-10-31/a>	Jan Kopriva	EML attachments in O365 - a recipe for phishing
2019-10-30/a>	Xavier Mertens	Keep an Eye on Remote Access to Mailboxes
2019-10-17/a>	Jan Kopriva	Phishing e-mail spoofing SPF-enabled domain
2019-04-13/a>	Johannes Ullrich	Configuring MTA-STS and TLS Reporting For Your Domain
2019-04-07/a>	Guy Bruneau	Fake Office 365 Payment Information Update
2019-03-21/a>	Xavier Mertens	New Wave of Extortion Emails: Central Intelligence Agency Case
2019-03-06/a>	Xavier Mertens	Keep an Eye on Disposable Email Addresses
2019-02-19/a>	Didier Stevens	Identifying Files: Failure Happens
2019-02-11/a>	Didier Stevens	Have You Seen an Email Virus Recently?
2018-12-21/a>	Lorna Hutcheson	Phishing Attempts That Bypass 2FA
2018-08-23/a>	Xavier Mertens	Simple Phishing Through formcrafts.com
2018-08-22/a>	Deborah Hale	Email/password Frustration
2018-08-19/a>	Didier Stevens	Video: Peeking into msg files - revisited
2018-08-11/a>	Didier Stevens	Peeking into msg files - revisited
2018-07-23/a>	Didier Stevens	Analyzing MSG files
2018-07-15/a>	Didier Stevens	Extracting BTC addresses from emails
2018-06-22/a>	Lorna Hutcheson	XPS Attachment Used for Phishing
2017-11-10/a>	Bojan Zdrnja	Battling e-mail phishing
2017-10-15/a>	Didier Stevens	Peeking into .msg files
2017-08-14/a>	Didier Stevens	Sometimes it's just SPAM
2015-02-20/a>	Tom Webb	Fast analysis of a Tax Scam
2014-07-09/a>	Daniel Wesemann	Who owns your typo?
2014-01-31/a>	Chris Mohan	Attack on Yahoo mail accounts
2014-01-24/a>	Johannes Ullrich	How to send mass e-mail the right way
2014-01-08/a>	Kevin Shortt	Intercepted Email Attempts to Steal Payments
2013-10-05/a>	Richard Porter	Adobe Breach Notification, Notifications?
2013-03-29/a>	Chris Mohan	Fake Link removal requests
2013-02-25/a>	Johannes Ullrich	Mass-Customized Malware Lures: Don't trust your cat!
2012-06-15/a>	Johannes Ullrich	Authenticating E-Mail
2012-02-07/a>	Johannes Ullrich	Secure E-Mail Access
2011-05-01/a>	Deborah Hale	Another Potentially Malicious Email Making The Rounds
2011-02-21/a>	Adrien de Beaupre	Winamp forums compromised
2010-09-09/a>	Marcus Sachs	'Here You Have' Email
2010-08-29/a>	Swa Frantzen	Abandoned free email accounts
2010-05-23/a>	Manuel Humberto Santander Pelaez	e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-03-05/a>	Kyle Haugsness	False scare email proclaiming North Korea nuclear launch against Japan
2009-10-15/a>	Deborah Hale	Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-10-09/a>	Rob VandenBrink	THAWTE to discontinue free Email Certificate Services and Web of Trust Service
2009-10-08/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 8 - Port 25 - SMTP
2009-05-04/a>	Tom Liston	Facebook phishing malware
2009-01-11/a>	Deborah Hale	The Frustration of Phishing Attacks
2008-11-30/a>	Mari Nichols	Rejected Email Issues

PORT 995 465 993 SECURE EMAIL

PORT

995

465

993

SECURE

EMAIL