Breaking Down Cyclops Blink | AT&T ThreatTraq

Ganesh Kasina and George Graziano of the AT&T Chief Security Office discuss the traffic changes on associated C2 ports caused by the Cyclops Blink malware.
https://thehackernews.com/2022/04/fbi-shut-down-russia-linked-cyclops.html

The episode follows these ports:
636: LDAPS
989: FTPS Protocol (DATA)
990: FTPS Protocol (CONTROL)
992: TELNET Protocol over TLS/SSL
994: ircs [Secure IRC]
995: pop3s [POP3 over TLS/SSL]
3269: msft-gc-ssl [Microsoft Global Catalog with LDAP/SSL]
8443: Pcsync HTTPS [Common alternate HTTPS port]

Originally recorded on April 12, 2022.

AT&T ThreatTraq welcomes your e-mail questions and feedback at attthreattraq@list.att.com
