Common Information
Type | Value |
---|---|
Value | Connection Proxy - T1090 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | A connection proxy is used to direct network traffic between systems or to act as an intermediary for network communications. Many tools enable traffic redirection through proxies or port redirection, including HTRAN, ZXProxy, and ZXPortMap. (Citation: Trend Micro APT Attack Tools) The definition of a proxy can also be expanded to encompass trust relationships between networks: peer-to-peer, mesh, or trusted connections between networks consisting of hosts or systems that regularly communicate with each other. The network may be within a single organization or across organizations with trust relationships. Adversaries could use these relationships to manage command and control communications, to reduce the number of simultaneous outbound network connections, to provide resiliency in the face of connection loss, or to ride over existing trusted communication paths between victims to avoid suspicion. |
Detection | Processes utilizing the network that do not normally have network communication, or have never been seen before, are suspicious. Network activity disassociated from user-driven actions, coming from processes that normally require user direction, is suspicious. Analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server, or flows between clients that should not or often do not communicate with one another). Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used. (Citation: University of Birmingham C2) |
Platforms | Linux, macOS, Windows |
Data Sources | Process use of network, Process monitoring, Netflow/Enclave netflow, Packet capture |
Requires Network | Yes |
Contributors | Walker Johnson |
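The detection guidance above names four heuristics: a process on the network that normally is not, a client that uploads far more than it downloads, flows between clients that should not talk to each other, and payloads that do not match the protocol expected on the destination port. The following is an added example, not part of the MISP cluster or the MITRE T1090 entry, that applies those heuristics to netflow-style records and additionally looks for the relay shape of an internal host forwarding a peer's traffic outward. The flow records, the subnet layout, the process baseline, the port signatures and the thresholds are all constructed for illustration.

```python
"""Netflow-style screen for the T1090 (Connection Proxy) detection heuristics.

Added example; records, baseline, subnets and thresholds are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

WORKSTATIONS = ip_network("10.1.2.0/24")   # assumed client subnet
SERVERS = ip_network("10.1.5.0/24")        # assumed server subnet
# Assumed baseline of processes that normally use the network on these hosts.
KNOWN_NETWORK_PROCS = {"chrome.exe", "outlook.exe", "teams.exe", "svchost.exe"}
UPLOAD_RATIO = 10.0          # client sends more than 10x what it receives
UPLOAD_MIN_BYTES = 1_000_000  # ignore small chatter when applying the ratio
# Expected leading bytes per port: TLS record header on 443/8443, an HTTP method on 80.
PORT_SIGNATURES = {
    443: (b"\x16\x03",),
    8443: (b"\x16\x03",),
    80: (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS "),
}


@dataclass(frozen=True)
class Flow:
    process: str
    src: str
    dst: str
    dport: int
    bytes_out: int      # bytes sent by src
    bytes_in: int       # bytes received by src
    first_bytes: bytes  # first payload bytes from a packet capture


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return ip in WORKSTATIONS or ip in SERVERS


def flag_flow(flow: Flow) -> list:
    """Return the heuristics a single flow trips (empty list if none)."""
    reasons = []
    if flow.process not in KNOWN_NETWORK_PROCS:
        reasons.append("unexpected-process")
    if (flow.bytes_out >= UPLOAD_MIN_BYTES
            and flow.bytes_out > UPLOAD_RATIO * max(flow.bytes_in, 1)):
        reasons.append("upload-heavy")
    if ip_address(flow.src) in WORKSTATIONS and ip_address(flow.dst) in WORKSTATIONS:
        reasons.append("client-to-client")
    sigs = PORT_SIGNATURES.get(flow.dport)
    if sigs and not flow.first_bytes.startswith(sigs):
        reasons.append("port-protocol-mismatch")
    return reasons


def screen(flows: list) -> dict:
    """Map flow index -> reasons for every flow that trips at least one heuristic."""
    result = {}
    for i, f in enumerate(flows):
        reasons = flag_flow(f)
        if reasons:
            result[i] = reasons
    return result


def relay_candidates(flows: list, tolerance: float = 0.2) -> list:
    """Internal hosts that take in a large volume from internal peers and push a
    similar volume to an external address: the shape of a host acting as a proxy."""
    inbound = defaultdict(int)   # host -> bytes received from internal peers
    outbound = defaultdict(int)  # host -> bytes sent to external addresses
    for f in flows:
        if is_internal(f.src) and is_internal(f.dst):
            inbound[f.dst] += f.bytes_out
        elif is_internal(f.src) and not is_internal(f.dst):
            outbound[f.src] += f.bytes_out
    hits = []
    for host, out_bytes in outbound.items():
        in_bytes = inbound.get(host, 0)
        if in_bytes >= UPLOAD_MIN_BYTES and abs(out_bytes - in_bytes) <= tolerance * in_bytes:
            hits.append(host)
    return sorted(hits)


# Constructed sample records (external addresses use the 203.0.113.0/24 documentation range).
FLOWS = [
    # Ordinary browsing: the client downloads far more than it uploads, TLS on 443.
    Flow("chrome.exe", "10.1.2.10", "203.0.113.5", 443, 12_000, 480_000, b"\x16\x03\x01"),
    # Ordinary mail: workstation to an internal server.
    Flow("outlook.exe", "10.1.2.11", "10.1.5.5", 443, 30_000, 900_000, b"\x16\x03\x01"),
    # Victim pushes a large volume to a peer workstation; the payload on 8443 is not TLS.
    Flow("svchost.exe", "10.1.2.10", "10.1.2.30", 8443, 9_500_000, 40_000, b"\x00\x11\x22"),
    # The peer forwards roughly the same volume out; the payload on 80 is TLS, not HTTP.
    Flow("svchost.exe", "10.1.2.30", "203.0.113.77", 80, 9_600_000, 52_000, b"\x16\x03\x01"),
    # A process with no business on the network, talking to another client.
    Flow("notepad.exe", "10.1.2.12", "10.1.2.13", 4444, 2_000, 2_500, b"\x00\x00\x00\x00"),
]

if __name__ == "__main__":
    for idx, why in screen(FLOWS).items():
        f = FLOWS[idx]
        print(f"flow {idx}: {f.process} {f.src} -> {f.dst}:{f.dport}  {', '.join(why)}")
    print("relay candidates:", relay_candidates(FLOWS))
```

Thresholds such as the upload ratio and the process baseline are environment-specific; the point of the relay check is that a single flow from the relay host looks like ordinary upload-heavy traffic, and only pairing it with the matching inbound flow from a peer exposes the proxy.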
Details | Type | Published | Attributes | Title |
---|---|---|---|---|
Details | Website | 2024-11-08 | 1 | CVE Alert: CVE-2024-51504 - RedPacket Security |
Details | Website | 2024-11-08 | 5 | Cybersecurity News Review — Week 45 |
Details | Website | 2024-11-08 | 3 | Malicious NPM Packages Target Roblox Users with Data-Stealing Malware |
Details | Website | 2024-11-08 | 2 | Stealthy Guardian Nmap Quest: Mastering Cybersecurity Reconnaissance |
Details | Website | 2024-11-08 | 0 | Try Hack Me THM: Secure Network Architecture |
Details | Website | 2024-11-08 | 7 | Cobalt Strike Beacon Detected - 54[.]251[.]109[.]230:80 - RedPacket Security |
Details | Website | 2024-11-08 | 7 | Cobalt Strike Beacon Detected - 1[.]94[.]254[.]25:8085 - RedPacket Security |
Details | Website | 2024-11-08 | 9 | Cobalt Strike Beacon Detected - 114[.]115[.]213[.]248:443 - RedPacket Security |
Details | Website | 2024-11-08 | 3 | Malicious NPM Packages Target Roblox Users with Data-Stealing Malware - RedPacket Security |
Details | Website | 2024-11-08 | 7 | Cobalt Strike Beacon Detected - 45[.]63[.]121[.]172:80 - RedPacket Security |
Details | Website | 2024-11-08 | 71 | Breaking Down Earth Estries Persistent TTPs in Prolonged Cyber Operations |
Details | Website | 2024-11-07 | 1 | Let's Look for Bad Stuff Using Censys' "Suspicious-Open-Directory" Label! |
Details | Website | 2024-11-07 | 0 | Zero-trust architecture with Microsoft |
Details | Website | 2024-11-07 | 11 | Analyzing Play and LockBit: The Top Ransomware Threats Facing Retailers |
Details | Website | 2024-11-07 | 2 | A look at the latest post-quantum signature standardization candidates |
Details | Website | 2024-11-07 | 0 | Best SOCKS5 Proxy for Carding: A Comprehensive Guide |
Details | Website | 2024-11-07 | 7 | Cobalt Strike Beacon Detected - 91[.]240[.]202[.]191:444 - RedPacket Security |
Details | Website | 2024-11-07 | 6 | Cobalt Strike Beacon Detected - 65[.]108[.]27[.]189:9089 - RedPacket Security |
Details | Website | 2024-11-07 | 3 | Cobalt Strike Beacon Detected - 45[.]144[.]136[.]86:81 - RedPacket Security |
Details | Website | 2024-11-07 | 10 | Cobalt Strike Beacon Detected - 34[.]232[.]187[.]165:443 - RedPacket Security |
Details | Website | 2024-11-07 | 9 | Cobalt Strike Beacon Detected - 119[.]3[.]218[.]60:8443 - RedPacket Security |
Details | Website | 2024-11-07 | 0 | Comprehensive Guide to Configuring SSL Decryption and Threat Prevention/Detection in Palo Alto… |
Details | Website | 2024-11-07 | 3 | Who is Tropic Trooper (APT23)? |
Details | Website | 2024-11-07 | 14 | Global Companies Are Unknowingly Paying North Koreans: Here’s How to Catch Them |
Details | Website | 2024-11-07 | 0 | Diving into OWASP ZAP |