Common Information
Type | Value |
---|---|
Value | Web Service - T1481 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media, acting as a mechanism for C2, may give a significant amount of cover. This is due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection. Use of Web services may also protect back-end C2 infrastructure from discovery through malware binary analysis, or enable operational resiliency (since this infrastructure may be dynamically changed). |
Details | Type | Published | Attributes | CTI Title |
---|---|---|---|---|
Details | Website | 2023-10-16 | 16 | Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign |
Details | Website | 2023-10-12 | 25 | CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations |
Details | Website | 2023-10-12 | 0 | SSL Certificate Replacement Guide for NSFOCUS ADSM and Portal - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. |
Details | Website | 2023-10-05 | 6 | APT Profile: Dark Pink APT Group |
Details | Website | 2023-10-04 | 0 | Validate IAM policies with Access Analyzer using AWS Config rules \| Amazon Web Services |
Details | Website | 2023-10-03 | 2 | The Benefits of a Cloud Security Network Architecture Review |
Details | Website | 2023-10-03 | 94 | Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement \| Microsoft Security Blog |
Details | Website | 2023-09-27 | 0 | AWS achieves QI2/QC2 qualification to host critical data and workloads from the Italian Public Administration \| Amazon Web Services |
Details | Website | 2023-09-22 | 56 | Examining the Activities of the Turla APT Group |
Details | Website | 2023-09-22 | 57 | Examining the Activities of the Turla APT Group |
Details | Website | 2023-09-21 | 21 | Multiple Command and Control (C2) Frameworks During Red Team Engagements |
Details | Website | 2023-09-19 | 0 | Cato: The Rise of the Next-Generation Networking and Security Platform |
Details | Website | 2023-09-17 | 36 | RedLine Stealer : A new variant surfaces, Deploying using Batch Script - CYFIRMA |
Details | Website | 2023-09-14 | 8 | UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety \| Mandiant |
Details | Website | 2023-09-02 | 3 | NVD - CVE-2023-39979 |
Details | Website | 2023-08-30 | 1 | Changelog: www.shodan.io |
Details | Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023 |
Details | Website | 2023-08-23 | 3 | ZDI-23-1168 |
Details | Website | 2023-08-22 | 3 | NVD - CVE-2021-35309 |
Details | Website | 2023-08-12 | 13 | Hack The Box Write-Up #1 — Lame |
Details | Website | 2023-08-11 | 40 | Critical Vulnerabilities Affecting Prioritized Software and Services in July 2023 |
Details | Website | 2023-08-10 | 12 | Attacker combines phone, email lures into believable, complex attack chain |
Details | Website | 2023-08-09 | 2 | What Is Data Leakage? |
Details | Website | 2023-08-07 | 7 | The Rise of Human-Based Botnets: Unconventional Threats in Cyberspace |
Details | Website | 2023-08-07 | 621 | Vulnerability Summary for the Week of July 31, 2023 \| CISA |