Common Information
Type | Value |
---|---|
Value | Bidirectional Communication - T1102.002 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may use an existing, legitimate external Web service as a means for sending commands to and receiving output from a compromised system over the Web service channel. Compromised systems may leverage popular websites and social media to host command and control (C2) instructions. Those infected systems can then send the output from those commands back over that Web service channel. The return traffic may occur in a variety of ways, depending on the Web service being utilized. For example, the return traffic may take the form of the compromised system posting a comment on a forum, issuing a pull request to a development project, updating a document hosted on a Web service, or sending a Tweet. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection. |
Details | CTI | Published | Attributes | Title |
---|---|---|---|---|
Details | Website | 2024-11-08 | 11 | What is protocol? |
Details | Website | 2024-11-04 | 12 | ToxicPanda: a new banking trojan from Asia hit Europe and LATAM \| Cleafy Labs |
Details | Website | 2024-10-25 | 2 | Elephants in tunnels: how Hyperdrive connects to databases inside your VPC networks |
Details | Website | 2024-10-25 | 2 | WebSockets Unveiled: Powering Immersive and Interactive Web Experiences |
Details | Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples |
Details | Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples - Zimperium |
Details | Website | 2024-10-02 | 57 | Separating the bee from the panda: CeranaKeeper making a beeline for Thailand |
Details | Website | 2024-07-11 | 26 | MoonWalk: A deep dive into the updated arsenal of APT41 \| Part 2 |
Details | Website | 2024-01-01 | 0 | macOS Terms and Trends You Should Know About \| Huntress |
Details | Website | 2023-12-06 | 198 | Russia/Ukraine Update - December 2023 |
Details | Website | 2023-10-13 | 24 | An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit |
Details | Website | 2023-10-13 | 7 | Don’t Talk All at Once! Elevating Privileges on macOS by Audit Token Spoofing |
Details | Website | 2023-09-22 | 56 | Examining the Activities of the Turla APT Group |
Details | Website | 2023-09-22 | 57 | Examining the Activities of the Turla APT Group |
Details | Website | 2023-09-17 | 36 | RedLine Stealer : A new variant surfaces, Deploying using Batch Script - CYFIRMA |
Details | Website | 2023-08-29 | 0 | MMRat Carries Out Bank Fraud Via Fake App Stores |
Details | Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023 |
Details | Website | 2023-08-24 | 28 | XWorm: Technical Analysis of a New Malware Version |
Details | Website | 2023-07-26 | 7 | The Missing Layer of the Internet: (Self-Sovereign) Identity |
Details | Website | 2023-07-25 | 6 | APT Profile: Kimsuky - SOCRadar® Cyber Intelligence Inc. |
Details | Website | 2023-06-17 | 15 | “Securing the Future: Cybersecurity in the Era of Advanced Threats with Julia” |
Details | Website | 2023-04-19 | 0 | How enterprises can stay ahead of risks, threats and potential attacks [Q&A] |
Details | Website | 2023-03-22 | 9 | APT Profile: Sandworm - SOCRadar® Cyber Intelligence Inc. |
Details | Website | 2023-03-14 | 12 | NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine |
Details | Website | 2023-03-13 | 0 | IoT Protocols (MQTT ve CoAP) |