Show in Graph
Common Information
Type Value
Value 
External Proxy - T1090.002
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may use an external proxy to act as an intermediary for network communications to a command and control server to avoid direct connections to their infrastructure. Many tools exist that enable traffic redirection through proxies or port redirection, including [HTRAN](https://attack.mitre.org/software/S0040), ZXProxy, and ZXPortMap. (Citation: Trend Micro APT Attack Tools) Adversaries use these types of proxies to manage command and control communications, to provide resiliency in the face of connection loss, or to ride over existing trusted communications paths to avoid suspicion. External connection proxies are used to mask the destination of C2 traffic and are typically implemented with port redirectors. Compromised systems outside of the victim environment may be used for these purposes, as well as purchased infrastructure such as cloud-based resources or virtual private servers. Proxies may be chosen based on the low likelihood that a connection to them from a compromised system would be investigated. Victim systems would communicate directly with the external proxy on the Internet and then the proxy would forward communications to the C2 server.
Details Published Attributes CTI Title
Details Website 2023-11-06 47 D0nut encrypt me, I have a wife and no backups 
Details Website 2023-10-23 273 Red Team Tools
Details Website 2023-09-15 816 UNC3944: SMS Phishing, SIM Swapping, and Ransomware Attacks
Details Website 2023-08-07 14 How go hidden on internet through proxy
Details Website 2023-05-24 112 People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection | CISA
Details Website 2023-04-19 19 New Variants of Qakbot Banking Trojan
Details Website 2023-04-18 9 Wa-Tunnel - Tunneling Internet Traffic Over Whatsapp - RedPacket Security
Details Website 2023-04-03 22 Anomali Cyber Watch: Balada Injector Exploits WordPress Elementor Pro, Icon 3CX Stealer Detected by YARA, Koi Loader-Stealer Compresses-then-Encrypts Memory Streams
Details Website 2023-03-28 42 Updates from the MaaS: new threats delivered through NullMixer
Details Website 2023-03-27 20 Updates from the MaaS: new threats delivered through NullMixer
Details Website 2023-02-28 44 CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks | CISA
Details Website 2023-02-08 21 Earth Zhulong Familiar Patterns Target Southeast Asian Firms
Details Website 2023-01-28 0 More annoying than crippling: Joker’s Stash takedown is temporary
Details Website 2023-01-02 47 Dark Web Profile: MuddyWater APT Group - SOCRadar
Details Website 2022-12-05 42 AvosLocker Ransomware Update | Kroll
Details Website 2022-06-14 26 QBot returns with new TTPS – Detection & Response - Security Investigation
Details Website 2022-02-24 123 Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks | CISA
Details Website 2021-09-02 3 Technical analysis of the QakBot banking Trojan
Details Website 2021-04-29 101 UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat | Mandiant
Details Website 2021-01-14 663 Higaisa or Winnti? APT41 backdoors, old and new
Details Website 2020-12-15 74 QakBot reducing its on disk artifacts - Hornetsecurity
Details Website 2020-10-01 85 Potential for China Cyber Response to Heightened U.S.–China Tensions | CISA
Details Website 2020-05-14 52 Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia | WeLiveSecurity
Details Website 2019-04-15 16 Code Coverage: Achieving Test Coverage using Instrumentation