mirror of
https://github.com/JGoyd/JGoyd.git
synced 2026-06-25 06:20:03 +02:00
Joseph R. Goydish II
46 KiB
46 KiB
JGoyd Evidence System — Master Chronological Timeline
Auto-extracted from every TRACK-*/README.md in the evidence scaffold. Each row = one dated event referenced in a case-folder README.
Total events extracted: 187 (deduplicated)
Date range: 2023-09-07 → 2026-05-18
Source folders: 27 (all TRACK-* directories)
| Date | Time (UTC if shown) | Folder | Event |
|---|---|---|---|
| 2023-09-07 | B-Apple-CVE-2023-41064-Patch-Bypass-iOS-26-2-1 |
| 2023-09-07 | Apple patches CVE-2023-41064 (BLASTPASS) | iOS 16.6.1 | | |
| 2025-01-09 | B-CVE-2025-24085-24201-43300 |
| 2025-01-09 — present | I am enrolled in the VINCE portal for VU#395558. Portal screenshot captured. | evidence/VINCE-Portal-VU-395558.1.jpg (SHA-256 36034d64913277f6bfed785c5208c29726fdb39252a4c8f38a6cd8e77423a083); invitation PDF evidence/VINCE-Invite-Email-2.pdf (SHA... |
|
| 2025-01-09 | 19:36:03 | B-CVE-2025-24085-24201-43300 |
| 2025-01-09 19:36:03 UTC | CERT/CC sends me a VINCE invitation to participate in coordination for VU#395558 (case ID 2162, "Apple iOS"). The email is DKIM-pass on cert.org (selector zr2q7qzk2bw3mfxafkttrbx3dstyubyk) and on amazonses.com. | `evidence/VU-395558-invitation... |
| 2025-01-21 | B-CVE-2025-31200-31201 |
| Original 2025-01-21 CERT/CC VINCE submission (VRF#25-01-MPVDT) | evidence/01_21_2025-VRF-25-01-MPVDT-original-submission.md | dbf4a7eee33ed223ea048fc08ef831a1d643ffad6da7184f0f509e493d5ae31f | PENDING (.asc) | PENDING (.ots) | |
|
| 2025-01-22 | 03:26:03 | B-CVE-2025-31200-31201 |
| 2025-01-22 03:26:03 UTC (2025-01-21 22:26 EST) | I submit VRF#25-01-MPVDT through the CERT/CC VINCE portal describing buffer overflow via malicious audio in AudioConverterService on iOS 18.3 Beta and 18.2.1 | evidence/01_21_2025-VRF-25-01-MPVDT-original-submission.md (SH... |
| 2025-01-27 | B-CVE-2025-24085-24201-43300 |
| 2025-01-27 | CVE-2025-24085 published by Apple; fixed in iOS 18.3 family | https://support.apple.com/en-us/122066 | | |
| 2025-01-27 | B-CVE-2025-24085-24201-43300 |
| CVE-2025-24085 | 2025-01-27 | 2025-01-29 | 2 days | | |
| 2025-03-03 | B-CVE-2025-31200-31201 |
| CERT/CC reply (gen-41698, 2025-03-03) | evidence/CERT_CC-email-thread.eml | 1b8ef561265cdde6908fe0b3c3975f505b71d35772f4b63026be1ac74a09f4c7 | PENDING (.asc) | PENDING (.ots) | |
|
| 2025-03-03 | 15:08:46 | B-CVE-2025-31200-31201 |
| 2025-03-03 15:08:46 UTC | CERT/CC replies through VINCE (case gen-41698) instructing me I may publish blog content and request a MITRE CVE — DKIM-pass on cert.org (selector zr2q7qzk2bw3mfxafkttrbx3dstyubyk) and amazonses.com | evidence/CERT_CC-email-thread.eml (SHA... |
| 2025-03-11 | B-CVE-2025-24085-24201-43300 |
| 2025-03-11 | CVE-2025-24201 published by Apple; fixed in Safari 18.3.1 / iOS 18.3.2 family | https://support.apple.com/en-us/122281 | | |
| 2025-03-11 | B-CVE-2025-24085-24201-43300 |
| CVE-2025-24201 | 2025-03-11 | 2025-03-13 | 2 days | | |
| 2025-03-18 | B-CNVD-2025-06744 |
| 2025-03-18 | CNVD records submission; certificate CNVD-YCGO-202503023656 issued | Issuing-body PDF (staged) | |
|
| 2025-03-18 | B-CNVD-2025-06744 |
| 1 | CNVD original-vulnerability certificate (issuing-body PDF) | CNVD-2025-06744-YCGO-202503023656-Certificate-2025-03-18.pdf | 352a56ff1319e1b8138b1f4c6f55b652cf09ccd8c6784610e3a3ef6a9a80723c | pending (batch 11 anchor script) | pending (batch 11 anchor script) | |
|
| 2025-03-18 | B-CNVD-2025-07885 |
- TRACK-B-CNVD-2025-06744: Sibling CNVD certificate, same issuing body, dated 2025-03-18, for an Apple iOS/iPadOS buffer-overflow vulnerability class. Both certificates were issued to the same contributor under the same affiliation string within a five-week window. | |
| 2025-03-18 | B-CVE-2025-24085-24201-43300 |
- CNVD-2025-06744 · cert no. CNVD-YCGO-202503023656 · recorded 2025-03-18 · class: buffer overflow, Apple iOS / iPadOS — staged under TRACK-B-CNVD-2025-06744/evidence/ |
|
| 2025-04-11 | B-CVE-2025-31200-31201 |
| 2025-04-11 | I draft a hardware-flaw report (PME enforcement failure via malformed MP4 → SoC stall) for onward submission via Google/Mandiant intake | evidence/April-11-Google-Mandiant-Report-Hardware-Flaw-5.md (SHA-256 9ec55975159b…) | |
|
| 2025-04-11 | B-CVE-2025-31200-31201 |
| 2025-04-11 Google/Mandiant hardware-flaw report draft | evidence/April-11-Google-Mandiant-Report-Hardware-Flaw-5.md | 9ec55975159b7e7d7aae1b3308c844fec231a5616251cd4eb80bae175ca4e901 | PENDING (.asc) | PENDING (.ots) | |
|
| 2025-04-16 | B-CVE-2025-24085-24201-43300 |
| CVE-2025-31200 | 2025-04-16 | 2025-04-17 | 1 day | | |
| 2025-04-16 | B-CVE-2025-24085-24201-43300 |
| CVE-2025-31201 | 2025-04-16 | 2025-04-17 | 1 day | | |
| 2025-04-16 | B-CVE-2025-31200-31201 |
| 2025-04-16 | CVE-2025-31200 and CVE-2025-31201 published by Apple Product Security; fixed in iOS 18.4.1. Apple credits Google TAG / Mandiant — not me. | https://support.apple.com/en-us/122282 | | |
| 2025-04-16 | B-CVE-2025-31200-31201 |
| 2025-04-16 | NVD CVE records first published | https://nvd.nist.gov/vuln/detail/CVE-2025-31200 · https://nvd.nist.gov/vuln/detail/CVE-2025-31201 | | |
| 2025-04-17 | B-CVE-2025-31200-31201 |
| CVE-2025-31200 | (NVD Primary not yet rescored) | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2025-04-17 (1 day after disclosure) | |
|
| 2025-04-17 | B-CVE-2025-31200-31201 |
| CVE-2025-31201 | (NVD Primary not yet rescored) | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2025-04-17 (1 day after disclosure) | |
|
| 2025-04-22 | B-CNVD-2025-06744 |
- TRACK-B-CNVD-2025-07885: Sibling CNVD certificate, same issuing body, dated 2025-04-22, for an Apple-products memory-release-then-reuse (use-after-free) vulnerability class. Both certificates were issued to the same contributor under the same affiliation string within a ... | |
| 2025-04-22 | B-CNVD-2025-07885 |
| 2025-04-22 | CNVD records submission; certificate CNVD-YCGO-202504012519 issued | Issuing-body PDF (staged) | |
|
| 2025-04-22 | B-CNVD-2025-07885 |
| 1 | CNVD original-vulnerability certificate (issuing-body PDF) | CNVD-2025-07885-YCGO-202504012519-Certificate-2025-04-22.pdf | d5bb17d5a27eabd32d272173116c90f89f12cdd912a26969115007383a7f21c8 | pending (batch 11 anchor script) | pending (batch 11 anchor script) | |
|
| 2025-04-22 | B-CVE-2025-24085-24201-43300 |
- CNVD-2025-07885 · cert no. CNVD-YCGO-202504012519 · recorded 2025-04-22 · class: memory release then reuse (use-after-free), Apple multi-product — staged under TRACK-B-CNVD-2025-07885/evidence/ |
|
| 2025-04-22 | B-NASA-JPL-TLS |
| 1 | TLS-Certificate-Chain-Misconfiguration-on-webhosting-external.jpl.nasa.gov-2025-04-22T16_04_11-07_00-1-5.eml | c3ededb6e861… | Outbound .eml | From josephgoyd@proton.me → soc@nasa.gov, 2025-04-22 23:04:11 UTC | |
|
| 2025-05-03 | B-CVE-2025-31200-31201 |
| 2025-05-03 Yahoo self-forward (independent DKIM corroboration) | evidence/Google-Mandiant-email-submission-thread-4.eml | 41d3087c6dfe3595aa66b31c44a37b409e360e43099ae76af66584e1afa79c51 | PENDING (.asc) | PENDING (.ots) | |
|
| 2025-05-03 | 00:30:46 | B-CVE-2025-31200-31201 |
| 2025-05-03 00:30:46 UTC | I self-forward the hardware-flaw report by Yahoo to ProtonMail to create an independently DKIM-signed contemporaneous copy (yahoo.com, selector s2048) | evidence/Google-Mandiant-email-submission-thread-4.eml (SHA-256 41d3087c6dfe…) | |
| 2025-06-28 | B-Broadcom-BCM4387-BroadScope |
- The repo contains README.md, VULNERABILITY_REPORT.md, THREAT_MODEL.md, and an evidence/ directory. Technical claims are byte-offset-anchored against two filer-provided artifacts: a 2,068,480-byte BCM4387C2 Wi-Fi SoC RAM dump (SoC_RAM.bin) and a 4,997,407-byte Bluet... |
|
| 2025-08-21 | B-CVE-2025-24085-24201-43300 |
| CVE-2025-43300 | 2025-08-21 | 2025-08-21 | same day | | |
| 2025-11-11 | B-CVE-2025-24085-24201-43300 |
| CVE-2025-24085 | (lower) | 10.0 (NVD Primary + ADP Secondary) | cisagov/vulnrichment#194 (filed 2025-11-11 by JGoyd, closed 2025-11-12 14:37:17 UTC) | 2025-11-12 15:15:36 UTC (ADP Secondary), 2025-11-14 13:52:51 UTC (NVD Primary) | |
|
| 2025-11-11 | 16:08:53 | B-CVE-2025-24085-24201-43300 |
| 2025-11-11 16:08:53 UTC | I open cisagov/vulnrichment#194 requesting CVSS 10.0 for CVE-2025-24085 and CVE-2025-24201 | https://github.com/cisagov/vulnrichment/issues/194 | |
| 2025-11-12 | B-CVE-2025-24085-24201-43300 |
| NVD CVE-History snapshot, CVE-2025-24201 | evidence/nvd-history-24201-2025-11-12.json | PENDING | PENDING | PENDING | |
|
| 2025-11-12 | 14:37:17 | B-CVE-2025-24085-24201-43300 |
| 2025-11-12 14:37:17 UTC | CISA closes #194 | https://github.com/cisagov/vulnrichment/issues/194 | |
| 2025-11-12 | 15:15:36 | B-CVE-2025-24085-24201-43300 |
| CVE-2025-24201 | (lower) | 10.0 (NVD Primary + ADP Secondary) | cisagov/vulnrichment#194 (same filing, both CVEs requested) | 2025-11-12 15:15:36 UTC (ADP Secondary), 2025-11-14 (NVD Primary) | |
| 2025-11-12 | 15:15:36 | B-CVE-2025-24085-24201-43300 |
| 2025-11-12 15:15:36 UTC | NVD CVE-History records ADP write (source UUID 134c704f-9b21-4f2e-91b3-4a467353bcc0) adding Secondary CVSS 10.0 to both CVEs | https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-24085 | |
| 2025-11-14 | B-CVE-2025-24085-24201-43300 |
| NVD CVE-History snapshot, CVE-2025-24085 | evidence/nvd-history-24085-2025-11-14.json | PENDING | PENDING | PENDING | |
|
| 2025-11-14 | 13:52:51 | B-CVE-2025-24085-24201-43300 |
| 2025-11-14 13:52:51 UTC | NVD Primary CVSS revised to match (nvd@nist.gov source) | https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-24085 | |
| 2025-11-23 | 00:20:58 | B-CVE-2025-31200-31201 |
| CVE-2025-31200 (CoreAudio) | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | cisagov/vulnrichment#200 (filed 2025-11-23 00:20:58 UTC by JGoyd, closed 2025-11-24 14:46:17 UTC) | 2025-11-24 15:15:47.917 UTC | |
| 2025-11-23 | 00:20:58 | B-CVE-2025-31200-31201 |
| 2025-11-23 00:20:58 UTC | I opened cisagov/vulnrichment#200 requesting CVSS impact reassessment and chain documentation | https://github.com/cisagov/vulnrichment/issues/200 | |
| 2025-11-24 | B-CVE-2025-31200-31201 |
| CVE-2025-31201 (RPAC integrity bypass) | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Same filing, parallel write | 2025-11-24 | |
|
| 2025-11-24 | B-CVE-2025-31200-31201 |
| 2025-11-24 | Same ADP applies parallel changes to CVE-2025-31201 | https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-31201 | | |
| 2025-11-24 | B-CVE-2025-31200-31201 |
| NVD CVE-History snapshot, CVE-2025-31200 | evidence/nvd-history-31200-2025-11-24.json | PENDING | PENDING | PENDING | |
|
| 2025-11-24 | B-CVE-2025-31200-31201 |
| NVD CVE-History snapshot, CVE-2025-31201 | evidence/nvd-history-31201-2025-11-24.json | PENDING | PENDING | PENDING | |
|
| 2025-11-24 | 14:46:17 | B-CVE-2025-31200-31201 |
| 2025-11-24 14:46:17 UTC | CISA closes issue #200 | https://github.com/cisagov/vulnrichment/issues/200 | |
| 2025-11-24 | 15:15:47 | B-CVE-2025-31200-31201 |
| 2025-11-24 15:15:47.917 UTC | NVD CVE-History records a single atomic change by source 134c704f-9b21-4f2e-91b3-4a467353bcc0: new CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base 9.8), new CWE-119, new reference to vulnrichment#200, new reference to my research repo ... |
| 2025-12-25 | B-DOE-417 |
| 1 | DOE-417-5941450-1585693-2025-12-25.pdf | d203750ddb65… | PDF | Submitted-to-DOE timestamp header 12/25/2025, 4:50:15 PM UTC. Submission ID 5941450-1585693. Page-footer confirms DOE-received state. | |
|
| 2025-12-25 | B-DOE-417 |
| 2 | DOE-EOC-NA40-acknowledgement-2025-12-25.eml | 5a8ff29de877… | Inbound .eml | DOE Emergency Operations Center acknowledgement. Double-DKIM-pass: doe.gov selector q2-2024-pp (2048-bit) and hq.doe.gov selector selector1 (2048-bit). Body: *"Watch Office... |
|
| 2025-12-25 | B-DOE-417 |
- Together: the form was filed, DOE received it, DOE's Emergency Operations Center acknowledged receipt on 2025-12-25 under a cryptographically signed agency reply. | |
| 2026-01-08 | B-IC3-067b3177c3524c80bce02cca08064d11 |
Status: Provisional → moving toward Anchor-Class — FBI IC3 Submission ID issued, paired technical artifact bundle staged, public-internet third-party-verifiable corroboration captured. The submission ID itself (067b3177c3524c80bce02cca08064d11) is the canonical anchor: i... |
|
| 2026-01-08 | B-IC3-067b3177c3524c80bce02cca08064d11 |
| Submission date (filer-attested) | 2026-01-08 (consistent with paired public-corroboration timestamp 2026-01-08T23:17:45Z) | | |
| 2026-01-08 | 23:17:45 | B-IC3-067b3177c3524c80bce02cca08064d11 |
| Public-internet long-lived corroboration of the ID | Captured (filer's public repo description field, visible since 2026-01-08T23:17:45Z; tree 810ab171…) | Archive snapshots of the repo's metadata page anchor the ID to a date that predates this folder's creation | |
| 2026-02-06 | B-Apple-CVE-2023-41064-Patch-Bypass-iOS-26-2-1 |
| 2026-02-06 | Filer initial analysis identifies BLASTPASS pattern on iOS 26.2 | Build pre-23C71 | | |
| 2026-02-09 | B-Apple-CVE-2023-41064-Patch-Bypass-iOS-26-2-1 |
| 2026-02-09 (same day) | Outbound disclosure submitted to Apple via VulnCheck | — | | |
| 2026-02-09 | B-Apple-CVE-2023-41064-Patch-Bypass-iOS-26-2-1 |
| Outbound disclosure (Feb 9) | evidence/Apple-PSIRT-BLASTPASS-V2-disclosure-2026-02-09.md | 497108299d6cfbab09afc434d913ffed7d82460e596bb31efb1b13565ed974b1 | 4,710 B | Filer's original disclosure markdown; cites trace SHA-256 internally | |
|
| 2026-02-09 | 09:14 | B-Apple-CVE-2023-41064-Patch-Bypass-iOS-26-2-1 |
| 2026-02-09 09:14 | Device updated to iOS 26.2.1 | Build 23C71 | |
| 2026-02-09 | 09:15 | B-Apple-CVE-2023-41064-Patch-Bypass-iOS-26-2-1 |
| 2026-02-09 09:15 | tracev3 captured 1 minute post-update; filer asserts exploitation chain still operational | Build 23C71 | |
| 2026-02-09 | 09:15 | B-Apple-CVE-2023-41064-Patch-Bypass-iOS-26-2-1 |
| Trace — iOS 26.2.1 (Build 23C71) | evidence/logdata_26_2_1-Build-23C71.tracev3 | 905b5cc8dc4cfc0254221bab3478c67c023821ff1852d8f8dfa2d782927e4c9c | 3,229,936 B | Captured 1 min post-update on 2026-02-09 09:15 EST; binary unified log | |
| 2026-02-11 | B-Apple-CVE-2023-41064-Patch-Bypass-iOS-26-2-1 |
| 2026-02-11 | Apple releases iOS 26.3 (Build 23D127) with ImageIO + PassKit + Messages-sandbox + libxpc remediations | Build 23D127 | | |
| 2026-02-13 | B-Apple-CVE-2023-41064-Patch-Bypass-iOS-26-2-1 |
| Outbound rebuttal (Feb 13) | evidence/Apple-PSIRT-Forensic-Rebuttal-iOS-26-3-2026-02-13.md | 08d473e5fe0b25fc85a4c5f2a22f1da31014a97316b23a01cfc69645b5a49e78 | 5,340 B | Filer's forensic rebuttal; cites Build 23D127 trace SHA-256 internally | |
|
| 2026-02-13 | 17:14 | B-Apple-CVE-2023-41064-Patch-Bypass-iOS-26-2-1 |
| 2026-02-13 17:14 | Apple PSIRT rejects disclosure ("standard system behavior", "no technical validity") | — | |
| 2026-02-13 | 20:47 | B-Apple-CVE-2023-41064-Patch-Bypass-iOS-26-2-1 |
| 2026-02-13 20:47 | Filer submits forensic rebuttal comparing Build 23C71 vs 23D127 binary offsets | — | |
| 2026-02-26 | A-CISA-INC0625285-iOS-Bypass |
| evidence/CISA-INC0625285-Farouq-reply-2026-02-26.eml | fd4d8b8898f99e98d76459320a5ad3fcf232cfa5a47313b5b9876633c48c6f2e | Full multipart/mixed inbound. Body PGP-encrypted; two inline images declared (image002.png, image003.jpg). | |
|
| 2026-02-26 | A-CISA-INC0625285-iOS-Bypass |
| evidence/CISA-INC0625285-Farouq-reply-headers-2026-02-26.txt | 396ad78626c8a399d4dbf7ce717eaf8133a6c417f553c501544dab0724807b5a | Headers-only line-numbered extract of the same inbound. | |
|
| 2026-02-26 | A-CISA-INC0625285-iOS-Bypass |
- Agency-side: Open active ticket as of the captured message (2026-02-26). | |
| 2026-03-09 | B-Broadcom-BCM4387-BroadScope |
| evidence/Broadcom-PSIRT-outbound-headers-2026-03-09.txt | 8b51b09039326255b35a44138ff14ba4468339fa5352a031cfad21ebdd12e08c | Headers-only extract of the outbound PSIRT submission. Body PGP-encrypted from Proton compose side. Two attachments declared in headers: `BCM4... |
|
| 2026-03-09 | B-Broadcom-BCM4387-BroadScope |
- A coordinated-disclosure submission was sent to Broadcom PSIRT on 2026-03-09 with two attached technical artifacts. | |
| 2026-03-09 | B-Broadcom-BCM4387-BroadScope |
- Watch for any further PSIRT inbound on this thread (Message-Id chain anchored on the 2026-03-09 outbound). | |
| 2026-03-10 | B-Broadcom-BCM4387-BroadScope |
| Broadcom broadcom.com DKIM signature | header b="BmLn+Zw1H0O5wsTUnPMHOWDE9Cz2…" | The inbound reply is signed by Broadcom's google selector under broadcom.com (1024-bit RSA); Google's 1e100.net DKIM also countersigns. DMARC p=reject passes. SPF passes from `broad... |
|
| 2026-03-10 | B-Broadcom-BCM4387-BroadScope |
| evidence/Broadcom-PSIRT-Edelson-reply-2026-03-10.eml | 7611c851392d2a6a7dc7fe46b8b8828beb2131de22607f1986f3129a758a25cf | Full multipart/mixed inbound reply from Broadcom PSIRT (Edelson). PGP body, S/MIME attachment (smime.p7s). | |
|
| 2026-03-10 | B-Broadcom-BCM4387-BroadScope |
| evidence/Broadcom-PSIRT-Edelson-reply-headers-2026-03-10.txt | bf70c42521795b2ceec6a94ddc0b1b62d1adba23486ea268f5fff7b8d3e44d58 | Headers-only extract of the same inbound reply (filer-prepared, line-numbered). | |
|
| 2026-03-10 | B-Broadcom-BCM4387-BroadScope |
- Broadcom (a named PSIRT engineer, with Ken Williams and the PSIRT alias) responded on 2026-03-10 from an authenticated Broadcom mail path. | |
| 2026-03-10 | B-Broadcom-BCM4387-BroadScope |
- Vendor-side (as of folder creation): Acknowledged receipt 2026-03-10; no public Broadcom advisory observed; no CVE assigned. Filer's characterization preserved verbatim above. | |
| 2026-03-24 | A-TW-NCC-11500091980 |
Status: 🟢 Layer-1 — Tier 1 anchor present. Inbound DKIM-signed kick-off from ncc.gov.tw is on file, plus an official NCC formal letter (函) dated ROC 115/3/24 = 2026-03-24 for the same filing reference. Carrier (Taiwan Mobile) has filed a rebuttal; case remains op... |
|
| 2026-03-24 | A-TW-NCC-11500091980 |
| 5 | NCC-formal-letter-Fa-Wen-11500091980-2026-03-24.pdf | 4530081b986c… | Official NCC formal letter (函) | NCC outbound letter, filing ref 通傳基礎決字第11500091980號, dated ROC 115/3/24 = 2026-03-24. Contact: 周金賢 (jschou@ncc.gov.tw, +886-2-3343-8347). Issuing bran... |
|
| 2026-03-25 | A-TW-NCC-11500091980 |
| 1 | NCC-1156500716-2026-03-25T00_35_03-07_00-11.eml | d8509c9b80a4… | Inbound .eml | NCC kick-off, DKIM-pass 2048-bit key header.d=ncc.gov.tw via Google relay; spf=pass smtp.mailfrom=ncc.gov.tw. Tier 1 anchor. | |
|
| 2026-04-01 | B-MSRC-112639 |
Role: Original reporter / coordinated discloser. First reported to Vanderbilt VUIT IT-Security (incident #86705) on 2026-04-01, then escalated to Microsoft MSRC (Case 112639) on 2026-04-08. Same finding, same evidence, two-stage disclosure path. | |
| 2026-04-01 | B-MSRC-112639 |
| 2026-04-01 | In-the-wild delivery observed from compromised Vanderbilt University M365 account | | |
| 2026-04-01 | B-MSRC-112639 |
| 2026-04-01 | Vanderbilt IT Security notified — VUIT TeamDynamix ticket #86705 | | |
| 2026-04-01 | B-MSRC-112639 |
| 1 | evidence/VUIT-ticket-86705-comment-added-2026-04-01.eml | a2bae199e6d7… | Inbound .eml | VUIT TeamDynamix comment-added notification. Body: *"Reassigned this incident from John Trombly to VUIT Security Operations… Status: New Ticket… Suspicious binary signature... |
|
| 2026-04-01 | B-MSRC-112639 |
- ARC-pass under arcselector10001 (d=microsoft.com) — Microsoft's transport-layer ARC seal on the same delivery. Same arcselector10001 ARC key is observed sealing the original 2026-04-01 carrier message inside the MSRC Update-1 evidence (this is the trust-chain hinge of ... |
|
| 2026-04-01 | B-MSRC-112639 |
- That the 2026-04-01 carrier message exhibits the headers documented (Microsoft ARC seal, vanderbilt.edu DKIM, CrossTenant-AuthAs: Internal, etc.). These are byte-verifiable from source_message.eml inside the Update-1 bundle. |
|
| 2026-04-01 | B-MSRC-112639 |
- A coordinated-disclosure workflow occurred (initial report 2026-04-01 → vendor escalation 2026-04-08 → takedown compliance within 2.5 hours on 2026-04-10 → defensive advisory 2026-04-13). | |
| 2026-04-01 | 09:27 | B-MSRC-112639 |
- That a VUIT ticket #86705 exists, was reassigned to VUIT Security Operations on 2026-04-01 09:27 CDT, and was triggered by a "Suspicious email Signature" report (DKIM on vanderbilt.edu). |
| 2026-04-03 | B-Broadcom-BCM4387-BroadScope |
- Author of the public research repository github.com/JGoyd/BroadScope (commit head ba55b3f3c86b60ed63890a8c0f0f650c926f3baa, repo created 2026-04-03, last push 2026-04-07). |
|
| 2026-04-03 | B-Broadcom-BCM4387-BroadScope |
- Filer-side: Public research repository on GitHub since 2026-04-03; no exploit payloads or working PoC published. | |
| 2026-04-03 | 18:57:56 | B-Broadcom-BCM4387-BroadScope |
| BroadScope research repo (public) | https://github.com/JGoyd/BroadScope | Public coordinated-disclosure write-up by GitHub user JGoyd. Head commit ba55b3f3c86b…. Tree SHA bffbc5e4c458fdcd057db0f2c694c38f5bfabfb5. Created 2026-04-03T18:57:56Z, last push 2026-04-07T15:50... |
| 2026-04-07 | B-IC3-067b3177c3524c80bce02cca08064d11 |
| Filer's published case README | evidence/iDrive-Exfil-repo-README-2026-04-07.md | 63a216b52877925eaf1ed1912673ccea9a79c93918b4d2ceaa128ec458d7d8e4 | 1,857 B | Technical surface description: polyglot HEIF carrier, mdat entropy 7.9478, three "Shadow UUIDs" in MakerNote... |
|
| 2026-04-07 | B-IC3-067b3177c3524c80bce02cca08064d11 |
| Carrier image (subject: filer's son + backyard) | evidence/iDrive-Exfil-MyWorld-2026-04-07.jpg | 5035e6c602044b1a251f04e7ae5746ec7c4e7e81895bebb200952f1ca54ce6d6 | 4,836,652 B | JPEG 3024×4032, JFIF 1.01, baseline; cited in the case README as "the fulcrum" | |
|
| 2026-04-07 | B-IC3-067b3177c3524c80bce02cca08064d11 |
| Personal note (filer to son) | evidence/iDrive-Exfil-assets-README-2026-04-07.md | a71fd90cc809f5d04d51a99da7c08536464a16e4c888161a322256e9035ffad6 | 101 B | Verbatim: "Life is what you make it. What is an oppurnuntiy if you don't choose to take it? I love you son." — ... |
|
| 2026-04-07 | 15:35:51 | B-IC3-067b3177c3524c80bce02cca08064d11 |
Bundle origin: all three artifacts are the contents of a public GitHub repository (default branch main, HEAD as of 2026-04-07T15:35:51Z, tree SHA 810ab171bcefaff7942ebea0388fbec17214355a) created and controlled by the filer (JGoyd), whose public description field car... |
| 2026-04-08 | A-TW-NCC-11500091980 |
| 3 | TW-OHTTP-reply-to-TaiwanMobile-NCC-2026-04-08.eml | 8d34af379a5e… | Outbound .eml | User reply to ISMS@taiwanmobile.com, cc jschou@ncc.gov.tw, 2026-04-08 19:45:40 UTC | |
|
| 2026-04-08 | B-MSRC-112639 |
| 2026-04-08 | MSRC Case 112639 filed; Update 1 with .eml + verification walkthrough same day | |
|
| 2026-04-08 | B-MSRC-112639 |
| 2 | evidence/MSRC_Case_112639_Update_1.zip | 274b18c9d385… | ZIP (forensic bundle) | Update-1 evidence package delivered to MSRC on 2026-04-08. Contains manifest, technical findings, verification steps, and raw .eml + decoded attachment. | |
|
| 2026-04-08 | 05:32:07 | B-MSRC-112639 |
| Repo created | 2026-04-08T05:32:07Z | |
| 2026-04-09 | B-MSRC-112639 |
| 2026-04-09 | MSRC confirms assessment engineer assigned | | |
| 2026-04-10 | B-MSRC-112639 |
| 2026-04-10 | MSRC requests takedown of public post; complied within 2.5 hours | | |
| 2026-04-13 | B-MSRC-112639 |
Safety posture: This case ships no exploit code, no payloads, and no weaponized technical detail. The public GitHub repo and this folder both follow the established no-payload rule. A prior steganographic claim was withdrawn on 2026-04-13 after byte-level analysis ... | |
| 2026-04-13 | B-MSRC-112639 |
| Stego-withdrawal commit | a75ce46a9a6d4deabf2235500f75d95ec313dcf6 (2026-04-13) | |
|
| 2026-04-13 | B-MSRC-112639 |
| 2026-04-13 | Defensive advisory published (detection guidance, no exploit code); steganographic claim withdrawn | | |
| 2026-04-13 | B-MSRC-112639 |
| 5 | evidence/github-snapshot/m365-mime-type-confusion-main-2026-04-13.zip | b261ca5e825b… | ZIP | Snapshot of the public GitHub repo at the rewrite commit (a75ce46…) that locked in the no-payload posture and withdrew the stego claim. | |
|
| 2026-04-13 | B-MSRC-112639 |
- GitHub repo JGoyd/m365-mime-type-confusion is public with a full git history including the stego-withdrawal commit (a75ce46a…, 2026-04-13). The withdrawal is documented in the commit message verbatim: *"Stego extraction not reproducible from delivered PNG (474,89... |
|
| 2026-04-27 | A-CPIB-69f824dfe5ef7daf3b78ccee |
- Related Track A filings on overlapping subject matter: SEC TCR 20260513-00019687, FCA BoC supplement 00Db00K8yP.500Sk019RuGn, OLAF Mandelson-Carbyne 2026-04-27, SK GenPro 260428070422263, LT prosecutor 01-1-03450-26. |
|
| 2026-04-27 | A-DOE-NE-2026-05-02 |
- Related Track A filings on overlapping subject matter: OLAF Mandelson-Carbyne 2026-04-27, SEC TCR 20260513-00019687, FCA BoC supplement 00Db0000000K8yP / 500Sk000019RuGn, MA AGO MIT-MediaLab stub. |
|
| 2026-04-27 | A-USN-InsiderThreat-AirCenter-Tinney |
| 1 | evidence/USN-InsiderThreat-AirCenter-Tinney-Bohlke-outbound-2026-04-27.eml | 9dc71fe67529… | Outbound .eml | Single-message referral to USN-InsiderThreat@us.navy.mil. Primary subject ACH/Tinney; Adjacent Matter #1 Bohlke (named); Adjacent Matter #2 held pending r... |
|
| 2026-04-27 | A-USN-InsiderThreat-AirCenter-Tinney |
--armor --detach-sign USN-InsiderThreat-AirCenter-Tinney-Bohlke-outbound-2026-04-27.eml | |
| 2026-04-27 | 16:04:06 | A-USN-InsiderThreat-AirCenter-Tinney |
Status: 🟡 Provisional — outbound-only. Sent 2026-04-27 16:04:06 UTC from Esq.JG.legal@proton.me to USN-InsiderThreat@us.navy.mil (DON CAF / Navy Insider Threat Hub intake). No inbound acknowledgement on file. Upgrades to Strong on any written reply from `*.... |
| 2026-04-27 | 16:04:06 | A-USN-InsiderThreat-AirCenter-Tinney |
| Outbound date | 2026-04-27 16:04:06 UTC (09:04:06 PDT) | |
| 2026-04-28 | A-SK-260428070422263 |
| 2026-04-28 (initial intake) | Slovak GP issues PP — Potvrdenka o prijatí (initial receipt) under case 260428070422263. PAdES-signed PDF generated by Slovak GP intake. | evidence/SK-GenPro-potvrdenka-PP-o-prijati-260428070422263.pdf (SHA-256 48d513f2c7e5…) | |
|
| 2026-04-28 | A-SK-260428070422263 |
| 2026-04-28 | Slovak GP OP PDF (verified-stage receipt, PAdES-signed). | evidence/SK-GenPro-potvrdenka-po-overeni-260428070422263.pdf | |
|
| 2026-04-28 | A-SK-260428070422263 |
| Slovak GP OP verified confirmation email | evidence/SK-GenPro-confirmation-2026-04-28.eml | 84c410150fa8… | DKIM genpro.gov.sk | PENDING | |
|
| 2026-04-28 | 05:44:31 | A-SK-260428070422263 |
- DKIM genpro.gov.sk selector genprogovsk — Slovak General Prosecutor's mail infrastructure cryptographically produced the byte sequence in the .eml on 2026-04-28 05:44:31 UTC. DNS lookup target: genprogovsk._domainkey.genpro.gov.sk. |
| 2026-04-28 | 07:44:31 | A-SK-260428070422263 |
| 2026-04-28 07:44:31 +0200 (05:44:31 UTC) | Slovak GP issues OP — Potvrdenka po úplnom overení (confirmation after full verification) — case 260428070422263. DKIM-pass on genpro.gov.sk (2048-bit, selector genprogovsk), DMARC-pass, SPF-pass via genpro.gov.sk.... |
| 2026-04-29 | A-Ossoff-Senate-DOJ-Redactions |
| 1 | Ossoff-Senate-DavidJones-inbound-2026-04-29.eml | 02f311c6907c… | Inbound .eml | David A. Jones reply confirming receipt and DC-office forward. DKIM-pass header.d=senate.gov selector senate-pp2408 (2048-bit); spf=pass smtp.mailfrom=ossoff.senate.gov; ... |
|
| 2026-04-29 | A-Ossoff-Senate-DOJ-Redactions |
| 2 | Ossoff-Senate-staff-DOJ-redactions-outbound-2026-04-29.eml | b671a0d11fac… | Outbound .eml | User reply continuing the thread (Apr 29 12:38 PDT / 19:38 UTC). In-Reply-To: <8096696F-…@ossoff.senate.gov> cryptographically chains this outbound to inbound #1 (Message... |
|
| 2026-04-30 | A-LT-CASE-01-1-03450-26 |
- Letter date: 2026-04-30 | |
| 2026-04-30 | A-LT-CASE-01-1-03450-26 |
Submitter / filer. I submitted material to the Panevėžys Regional Prosecutor's Office. The office issued a prosecutor-signed letter on 2026-04-30 confirming that the information was attached to a criminal case file and forwarded to the pre-trial investigation authority for... | |
| 2026-04-30 | A-LT-CASE-01-1-03450-26 |
| 2026-04-30 | Prosecutor Aurelijus Navickas issues DĖL PATEIKTOS INFORMACIJOS letter, addressed to Esq.JG.legal@proton.me, stating: *"Informuojame, kad Jūsų pateikta informacija prijungta prie baudžiamosios bylos medžiagos bei persiųstas vertinimui ikiteisminio tyrimo įst... |
|
| 2026-04-30 | A-LT-CASE-01-1-03450-26 |
| 2026-04-30 | Transmittal email from Lithuanian prosecutor's mail infrastructure carrying the signed PDF as attachment. SPF-pass on prokuraturos.lt (agency mail domain). DKIM not present on this transmittal (dkim=none); the cryptographic anchor on this case is the embed... |
|
| 2026-04-30 | A-LT-CASE-01-1-03450-26 |
| Prosecutor Navickas letter (2026-04-30) | evidence/LT-Panevezys-Prosecutor-letter-2026-04-30.pdf | 603409f4b01b… | PENDING | PENDING | |
|
| 2026-04-30 | A-LT-CASE-01-1-03450-26 |
| LT prosecutor transmittal email (carries the PDF) | evidence/LT-PAIS-transmittal-inbound-2026-04-30.eml | a46f5a154eec… | SPF-pass prokuraturos.lt (no DKIM) | PENDING | |
|
| 2026-04-30 | A-LT-CASE-01-1-03450-26 |
- A named Lithuanian prosecutor at the Panevėžys Regional Prosecutor's Office Organised Crime and Corruption Investigation Division signed a letter on 2026-04-30 acknowledging receipt and stating the information was attached to criminal case materials and forwarded for evaluat... | |
| 2026-05-02 | A-DOE-NE-2026-05-02 |
| 1 | DOE-NE-CFIUS-FINCEN-referral-2026-05-02.eml | 907c77106a8c… | Outbound .eml | Single message addressed to all three agencies; subject is the full long-form line. Proton DKIM (not agency-side). | |
|
| 2026-05-02 | A-MA-AGO-MIT-MediaLab |
- Related Track A filings on overlapping subject matter (MIT Media Lab / Joi Ito / Epstein-Bates corpus): SEC TCR 20260513-00019687, FCA BoC supplement, OLAF Mandelson-Carbyne, DOE-NE / CFIUS / FinCEN 2026-05-02 referral. |
|
| 2026-05-02 | A-OLAF-Mandelson-Carbyne |
- Related Track A filings on overlapping subject matter (Joi Ito / MIT Media Lab cluster, Epstein-Bates corpus): SEC TCR 20260513-00019687, FCA BoC supplement, MA AGO MIT-MediaLab stub, DOE-NE / CFIUS / FinCEN 2026-05-02 referral. |
|
| 2026-05-02 | A-USN-InsiderThreat-AirCenter-Tinney |
- TRACK-A-DOE-NE-2026-05-02: shares the broader corpus and Bates anchoring methodology (different agencies, different subject matter — strict domain separation preserved). |
|
| 2026-05-02 | B-DOE-417 |
Domain separation: This artifact contains Track B material only. No relationship to TRACK-A-DOE-NE-2026-05-02 — that is an unrelated multi-agency national-security referral that happens to touch DOE. This folder concerns Form DOE-417 electric-emergency-incident repor... |
|
| 2026-05-02 | B-DOE-417 |
- Not related to TRACK-A-DOE-NE-2026-05-02 (different DOE office, different subject matter, different statutory basis). Track A / Track B separation strictly enforced. |
|
| 2026-05-02 | B-DOE-417 |
This README is part of the JGoyd Verifiable Evidence System. Strict Track A / Track B domain separation enforced. Filer-claim ≠ adjudicated fact. No relationship to TRACK-A-DOE-NE-2026-05-02. | |
| 2026-05-02 | B-MSRC-112639 |
| Repo head commit (as of catalog) | c4bca6650fe5366064885e142c6847e49855e67b (2026-05-02) | |
|
| 2026-05-02 | B-MSRC-112639 |
| 2026-05-02 | Repo last pushed (cosmetic update "Looks better") | | |
| 2026-05-04 | A-CPIB-69f824dfe5ef7daf3b78ccee |
| 2 | CPIB-confirmation-2026-05-04.eml | 4fce01def1f1… | Inbound .eml | FormSG auto-confirmation. Double DKIM-pass: form.gov.sg (2048-bit, selector y7posmki4a5gkzqgrtnwseuajsr5wg4m) AND amazonses.com (1024-bit, selector pd64dbxfdcqqbvadj6zks7h7qe3c33ao). ... |
|
| 2026-05-04 | A-OLAF-Mandelson-Carbyne |
Status: 🟢 Strong — Tier-1 anchored. Standalone OLAF inbound .eml now on file (2026-05-04). DKIM-pass on ec.europa.eu selector s2601 (2048-bit). Outbound user reply also on file. Upgraded from prior Layer-2 (quoted-inbound-only). |
|
| 2026-05-04 | A-OLAF-Mandelson-Carbyne |
| 1 | OLAF-Mandelson-Carbyne-inbound-2026-05-04.eml | 42f922168afc… | Inbound .eml | OLAF acknowledgement from OLAF-FM-A1@ec.europa.eu. DKIM-pass on ec.europa.eu selector s2601 (2048-bit). Message-Id <bc0371e438c145b7af6986637b8f4778@ec.europa.eu>. First EU-i... |
|
| 2026-05-04 | 04:47 | A-CPIB-69f824dfe5ef7daf3b78ccee |
- That a CPIB Corruption Reporting Form submission was made on 2026-05-04 04:47 UTC, generated FormSG Response ID 69f824dfe5ef7daf3b78ccee, and received an automatic confirmation from the Singapore Government's official FormSG infrastructure that is **cryptographically attes... |
| 2026-05-04 | 04:47:29 | A-CPIB-69f824dfe5ef7daf3b78ccee |
| 2026-05-04 04:47:29 | Complaint submitted via FormSG portal; CPIB Form ID 681a99f6fc08c4f22d68b08c, Response ID (submission reference) 69f824dfe5ef7daf3b78ccee | Yes — X-Formsg-Form-Id and X-Formsg-Submission-Id headers; agency may confirm reference on request via pu... |
| 2026-05-04 | 04:47:36 | A-CPIB-69f824dfe5ef7daf3b78ccee |
| 2026-05-04 04:47:36 | FormSG auto-confirmation .eml received by user, DKIM-signed by form.gov.sg + amazonses.com | Yes — DKIM verification reproducible by any third party | |
| 2026-05-05 | A-DOJ-FARA-Public |
| 1 | DOJ-FARA-KarimWade-MackySall-reply-2026-05-05.eml | 83ef754869d9… | Inbound .eml | DOJ FARA Unit reply. DKIM-pass header.d=usdoj.gov selector doj (2048-bit); spf=pass smtp.mailfrom=usdoj.gov; dmarc=pass (p=reject). arc=pass from Microsoft (the DOJ... |
|
| 2026-05-05 | A-IRS-FORM-211 |
| 1 | evidence/IRS-211-STC-EDC-2026-05-05-bates_evidence_packet.pdf | 653f9d1f3497… | PDF (13 pages) | The Form 211 Bates evidence packet itself. Filer-prepared, compiled 2026-05-06. On-screen submission confirmation at intake; no agency-issued claim number captured yet. | |
|
| 2026-05-05 | A-IRS-FORM-211 |
--armor --detach-sign IRS-211-STC-EDC-2026-05-05-bates_evidence_packet.pdf | |
| 2026-05-05 | A-MA-AGO-MIT-MediaLab |
- Acknowledgement date: 2026-05-05 | |
| 2026-05-05 | A-MA-AGO-MIT-MediaLab |
Submitter / filer. I submitted a complaint package to the Massachusetts Attorney General's Office. The office's OnBase-backed intake system returned a DKIM-signed acknowledgement on 2026-05-05. | |
| 2026-05-05 | A-MA-AGO-MIT-MediaLab |
| 2026-05-05 | MA AGO acknowledgement issued via OnBase intake. Body excerpt: "Your information has been forwarded to the appropriate staff member… record your complaint in the Attorney General's Non-Profits and Public Charities Division." DKIM-pass on onbaseonline.com... |
|
| 2026-05-05 | A-MA-AGO-MIT-MediaLab |
| MA AGO acknowledgement (OnBase, DKIM-signed) | evidence/MA-AGO-NPC-acknowledgement-2026-05-05.eml | 52975f8bc6a4… | PENDING | PENDING | |
|
| 2026-05-05 | A-MA-AGO-MIT-MediaLab |
- MA AGO's OnBase intake produced a cryptographically signed acknowledgement on 2026-05-05 stating the complaint had been forwarded to the Non-Profits and Public Charities Division. | |
| 2026-05-06 | A-IRS-FORM-211 |
| Packet compiled | 2026-05-06 | | |
| 2026-05-06 | A-IRS-FORM-211 |
- Exhibit 9 — Senate LDA zero-result query (lda.senate.gov/api/v1/filings, queried 2026-05-06) cross-verified with OpenSecrets |
|
| 2026-05-06 | A-SEC-TCR-17780-976-067-126 |
Submitter / TCR filer. I filed the TCR on 2026-05-06, transmitted a Bates-organized evidence packet, and supplemented the filing on 2026-05-13 with a targeted-lead expansion. The SEC Ombuds opened Matter ID 20260513-00019687 and issued a DKIM-signed acknowledgement on 20... |
|
| 2026-05-06 | A-SEC-TCR-17780-976-067-126 |
| 2026-05-06 (same day) | Bates-organized evidence packet prepared (§206 framing, Ito subject, DOJ public-release corpus) | evidence/SEC_Referral_17780-976-067-126_Evidence_Packet-4.pdf (SHA-256 f5421ab03106…) | |
|
| 2026-05-06 | A-SEC-TCR-17780-976-067-126 |
| TCR submission confirmation (2026-05-06) | evidence/SEC_Referral_17780-976-067-126-3.pdf | 703f5daadda9460ae3aba92f166408db42e467951d40255fc051240513fb31b6 | PENDING | PENDING | |
|
| 2026-05-06 | A-SEC-TCR-17780-976-067-126 |
- That the SEC received TCR Submission 17780-976-067-126 on 2026-05-06. |
|
| 2026-05-06 | 20:00:08 | A-SEC-TCR-17780-976-067-126 |
| 2026-05-06 20:00:08 UTC (16:00:08 EDT) | TCR submission accepted by https://www.sec.gov/forms/tcr-external-form/confirmation — Submission Number 17780-976-067-126 issued by SEC infrastructure | evidence/SEC_Referral_17780-976-067-126-3.pdf (SHA-256 703f5daadda9…) | |
| 2026-05-08 | A-FCA-BoC-StanChart |
| 2026-05-08 FCA substantive reply (inbound, DKIM-pass fca.org.uk, named-officer attestation that concerns have been passed to BoC (UK) supervisory team) | evidence/FCA-BoC-StanChart-Andrew-substantive-inbound-2026-05-08.eml | `eb9978cb2a2717910ec4fc809ee7518ce456c... |
|
| 2026-05-08 | A-FCA-BoC-StanChart |
- That the FCA Consumer Queries / Supervision Hub issued two named-officer substantive replies (2026-05-08 and 2026-05-13) on the matter, both DKIM-signed by fca.org.uk, both citing the matter reference 00Db00K8yP.500Sk019RuGn, with explicit attestation that the inform... |
|
| 2026-05-08 | A-FCA-BoC-StanChart |
- That the FCA has opened any formal investigation, taken any enforcement action, reached any finding, or concluded anything substantive about the firms or individuals named. The FCA's standing policy (quoted verbatim in the 2026-05-08 reply) is that *"we'll generally not prov... | |
| 2026-05-08 | 16:42:58 | A-FCA-BoC-StanChart |
| 2026-05-08 16:42:58 UTC | FCA Consumer Queries / Supervision Hub issues a named-officer substantive reply (subject: Bank of China (UK) Limited and Standard Chartered). Body confirms: (i) FCA recognises both subjects on the Financial Services Register; (ii) FCA confirms... |
| 2026-05-11 | A-FCA-BoC-StanChart |
- Submission posture: Conduct / AML supervisory query, supplemented 2026-05-11 | |
| 2026-05-11 | A-FCA-BoC-StanChart |
| 2026-05-11 FCA supplement (sent by me) | evidence/FCA-BoC-StanChart-supplement-2026-05-11.eml | 207fa35b8c57f8d4262442a0b497f9a2509170ce67c070c314d06e706c9b7e77 | PENDING (.asc) | PENDING (.ots) | |
|
| 2026-05-11 | A-FCA-BoC-StanChart |
| 2026-05-11 FCA automated acknowledgement (inbound, DKIM-pass fca.org.uk) | evidence/FCA-acknowledgement-noreply-2026-05-11.eml | b9f0e77b682359d3e5717b0140deb66790bf2b343c27ec493c38385923f866fc | PENDING (.asc) | PENDING (.ots) | |
|
| 2026-05-11 | A-OLAF-Mandelson-Carbyne |
| 2 | OLAF-Mandelson-Carbyne-reply-2026-05-11.eml | 9b6f482e3069… | Outbound .eml | User reply to OLAF-FM-A1@ec.europa.eu 2026-05-11 13:17:42 UTC. Embeds OLAF's earlier acknowledgement in the References: quoted chain. Carries user PGP attachment `Joseph_R._Goydish_II... |
|
| 2026-05-11 | 15:09:57 | A-FCA-BoC-StanChart |
| 2026-05-11 15:09:57 UTC | I send the supplement listed in this folder | evidence/FCA-BoC-StanChart-supplement-2026-05-11.eml SHA-256 207fa35b8c57f8d4262442a0b497f9a2509170ce67c070c314d06e706c9b7e77 | |
| 2026-05-11 | 15:11:48 | A-FCA-BoC-StanChart |
| 2026-05-11 15:11:48 UTC | FCA system issues automated Thank you your query has been received. acknowledgement from noreply@fca.org.uk (Salesforce-relayed). DKIM-pass on fca.org.uk (2048-bit, selector intactfcaorguk2). | `evidence/FCA-acknowledgement-noreply-2... |
| 2026-05-13 | A-FCA-BoC-StanChart |
| 2026-05-13 FCA supervisory referral attestation (inbound, DKIM-pass fca.org.uk, named-officer attestation that 2026-05-11 supplement was "referred to the supervisory appropriate team for further investigation") | `evidence/FCA-BoC-Andrew-supervisory-referral-inbo... |
|
| 2026-05-13 | A-Japan-ISA-ICRRA70-1 |
| 1 | JP-ISA-MOJ-koueki-tuuhou-referral-2026-05-13.pdf | 5089465bca4b… | PDF render | Outbound referral packet sent 2026-05-13 | |
|
| 2026-05-13 | A-SEC-TCR-17780-976-067-126 |
| 2026-05-13 | Supplement 01 (targeted-lead expansion) filed against the same Submission Number | evidence/SEC_TCR_ITO_SUPPLEMENT_01-5.pdf (SHA-256 1003cfc2ecf7…) | |
|
| 2026-05-13 | A-SEC-TCR-17780-976-067-126 |
| Supplement 01 (2026-05-13) — targeted-lead expansion | evidence/SEC_TCR_ITO_SUPPLEMENT_01-5.pdf | 1003cfc2ecf7f591a98f60c77d95e85b2ec7835c8756c9f7e29b22069ed8ba0f | PENDING | PENDING | |
|
| 2026-05-13 | 09:08:40 | A-FCA-BoC-StanChart |
| 2026-05-13 09:08:40 UTC | FCA Supervision Hub officer issues a second named-officer substantive reply (subject: Bank of China (UK) Limited). Body confirms: (i) receipt of the 2026-05-11 supplement; (ii) explicit supervisory referral attestation — *"I've today refer... |
| 2026-05-14 | A-Colombia-Consulate-Atlanta |
| Packet date | 2026-05-14 | | |
| 2026-05-14 | A-Colombia-Consulate-Atlanta |
| 1 | evidence/COLOMBIA-EPSTEIN-01-referral-packet-2026-05-14.pdf | a07d5b3fa8cb… | PDF (3 pages) | The hand-delivered referral packet itself. Filer-prepared, signed with the canonical 4A04 PGP fingerprint on the face of the document. **No agency stamp or counter-signature... |
|
| 2026-05-14 | A-Colombia-Consulate-Atlanta |
--armor --detach-sign COLOMBIA-EPSTEIN-01-referral-packet-2026-05-14.pdf | |
| 2026-05-14 | A-SEC-TCR-17780-976-067-126 |
| SEC Ombuds DKIM-signed acknowledgement (2026-05-14) | evidence/SEC-Ombuds-...-2026-05-14T11_04_55-07_00-6.eml | bff7f3b7aa44e1442cad49a959bd04a90ce750f2883e6edd83546363d5525a78 | PENDING | PENDING | |
|
| 2026-05-14 | A-SEC-TCR-17780-976-067-126 |
- That the SEC Ombuds opened Matter ID 20260513-00019687 and sent a DKIM-signed acknowledgement on 2026-05-14. |
|
| 2026-05-14 | 18:04:54 | A-SEC-TCR-17780-976-067-126 |
| 2026-05-14 18:04:54 UTC | SEC Ombuds Office (ombudsmanomms@sec.gov) sends acknowledgement, opens Matter ID 20260513-00019687. DKIM-pass on sec.gov (2048-bit, selector secomms), Salesforce-routed via usa9002.bnc.salesforce.com | `evidence/SEC-Ombuds-...-2026-05-... |
| 2026-05-14 | 18:04:54 | A-SEC-TCR-17780-976-067-126 |
- DKIM signature on sec.gov — selector secomms, 2048-bit RSA, present in evidence/SEC-Ombuds-...-6.eml. This is the strongest external anchor in this case folder: the SEC's own mail infrastructure cryptographically produced the byte sequence in the .eml on 2026-05-... |
| 2026-05-18 | A-Colombia-Consulate-Atlanta |
Status: 🟡 Provisional. The packet was hand-delivered on 2026-05-18 to the Embassy of Colombia in the United States — Legal/Consular Section, Representation of Colombia in Atlanta. **No agency receipt, intake number, or written acknowledgement has been issued as of this... | |
| 2026-05-18 | A-Colombia-Consulate-Atlanta |
| Hand-delivery date | 2026-05-18 | | |
| 2026-05-18 | A-FR-TJ-Paris-Parquet-Financier |
| 1 | FR-Paris-Parquet-Financier-inbound-2026-05-18.eml | 1e143b730f43… | Inbound .eml | PNF reply requesting source document. DKIM-pass header.d=justice.fr selector pfai20240130 (2048-bit); spf=pass smtp.mailfrom=justice.fr; dmarc=pass (p=quarantine). **... |
|
| 2026-05-18 | A-FR-TJ-Paris-Parquet-Financier |
| 2 | FR-Paris-Parquet-Financier-outbound-2026-05-18.eml | 04ee45db2481… | Outbound .eml | User reply transmitting EFTA00027019.pdf + findings_gratitude_america.md, with explicit scope-correction on the "185 lines / 123 beneficiaries" figure. Signed in-body with canonica... |
|
| 2026-05-18 | B-Apple-CVE-2023-41064-Patch-Bypass-iOS-26-2-1 |
Last updated: drop batch 2026-05-18 (batch 10 catalog). Folder created from filer's source bundle delivered this batch. No *.apple.com inbound yet. Status: Provisional. |
|
| 2026-05-18 | B-CNVD-2025-06744 |
| 2026-05-18 | Certificate PDF received in scaffold; folder upgraded Stub → Provisional | This README | | |
| 2026-05-18 | B-CNVD-2025-06744 |
- Anchor class: Tier 1 (sovereign-CERT certificate PDF). Promoted from Tier 0 stub on 2026-05-18. | |
| 2026-05-18 | B-CNVD-2025-07885 |
| 2026-05-18 | Certificate PDF received in scaffold; folder upgraded Stub → Provisional | This README | | |
| 2026-05-18 | B-CNVD-2025-07885 |
- Anchor class: Tier 1 (sovereign-CERT certificate PDF). Promoted from Tier 0 stub on 2026-05-18. | |
| 2026-05-18 | B-IC3-067b3177c3524c80bce02cca08064d11 |
*Last updated: drop batch 2026-05-18 (batch 10 catalog). Folder upgraded from Stub to Provisional with full technical-artifact bundle and the case-anchor rationale recorded. Status: Provisional → Anchor-Class candidate on the IC3 Submission ID + public-internet corroboration c... |