Port 87 Details
known port assignments and vulnerabilities
threat/application/port search:
Port(s) |
Protocol |
Service |
Details |
Source |
87 |
tcp |
terminal link |
terminal link - a talk/chat style protocol. Port commonly used by intruders
Backdoor.Win32.Agent.ad / Insecure Credential Storage - the malware listens on TCP port 87, its default password "hoanggia" is stored in the Windows registry in cleartext under "clrprv.oo" in "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\System\NPP". The password is also set as cookie value "Cookie: pass=hoanggia; day=14; month=11; year=2021", which also gets sent over the network in plaintext. Third party attackers who can access the system or sniff traffic can grab the password, then execute any programs and or run commands made available by the backdoor.
References: [MVID-2021-0406] |
SG
|
87 |
tcp |
priv-term-l |
any private terminal link ttylink |
SANS
|
87 |
tcp |
priv-term-l |
any private terminal link, ttylink |
Nmap
|
87 |
tcp,udp |
|
any private terminal link |
IANA
|
|
4 records found
|