TCP 9002

ProtocolTCP

Port9002

LabelsNewforma Server comms

Synopsis

DynamID authentication service (IANA-registered service name “dynamid”) uses TCP port 9002.
The “9002” backdoor/RAT (aka 9002 Trojan), used by threat actors such as Naikon/APT30, communicates with its command-and-control servers over TCP 9002; it’s explicitly associated with hacking/exploitation.

Observed activity

Last 30 days Detailed chart

More information

SANS Internet Storm Center: Port 9002