Common Information
Type | Value |
---|---|
Value | Web Protocols - T1071.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server. Protocols such as HTTP/S (Citation: CrowdStrike Putter Panda) and WebSocket (Citation: Brazking-Websockets) that carry web traffic may be very common in environments. HTTP/S packets have many fields and headers in which data can be concealed. An adversary may abuse these protocols to communicate with systems under their control within a victim network while also mimicking normal, expected traffic. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-11-16 | 90 | From Royal to BlackSuit: Understanding the Tactics and Impact of a Sophisticated Ransomware Strain | #ransomware | #cybercrime | National Cyber Security Consulting | ||
Details | Website | 2024-11-15 | 38 | Dark Web Profile: Cadet Blizzard | ||
Details | Website | 2024-11-15 | 33 | DONOT's Attack On Maritime & Defense Manufacturing | ||
Details | Website | 2024-11-13 | 24 | Lessons from a Honeypot with US Citizens’ Data | ||
Details | Website | 2024-11-12 | 26 | Dissecting A Multi-Stage PowerShell Campaign Using Chisel | ||
Details | Website | 2024-11-08 | 14 | Reveal Lab Write-Up | ||
Details | Website | 2024-11-08 | 35 | Life on a crooked RedLine: Analyzing the infamous infostealer’s backend | ||
Details | Website | 2024-11-07 | 7 | Mapping CTF Techniques to the MITRE ATT&CK Framework: TryHack3M: Bricks Heist | ||
Details | Website | 2024-11-07 | 114 | Detailed Analysis of TheftCalls: Impersonating Frequently Used Korean Apps | ||
Details | Website | 2024-11-07 | 66 | European diplomats targeted by APT29 (Cozy Bear) with WINELOADER | ||
Details | Website | 2024-11-07 | 33 | Malicious Inauthentic Falcon Crash Reporter Installer Delivers Malware Named Ciro | ||
Details | Website | 2024-11-05 | 7 | Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare - CyberSRC | ||
Details | Website | 2024-11-04 | 35 | G700 : The Next Generation of Craxs RAT - CYFIRMA | ||
Details | Website | 2024-11-04 | 57 | Threat Intelligence Report October 29 - November 4 2024 | Red Piranha | ||
Details | Website | 2024-11-04 | 24 | From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West | ||
Details | Website | 2024-11-01 | 39 | Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc. | ||
Details | Website | 2024-11-01 | 62 | Weekly Intelligence Report - 01 Nov 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | ||
Details | Website | 2024-10-30 | 379 | Analyzing the You Dun Attack Group Through Directory Browsing - Anquanke - Security News Platform | ||
Details | Website | 2024-10-30 | 28 | Attacker Abuses Victim Resources to Reap Rewards from Titan Network | ||
Details | Website | 2024-10-29 | 19 | Ransomware: Kill Security | ||
Details | Website | 2024-10-28 | 376 | Inside the Open Directory of the “You Dun” Threat Group | ||
Details | Website | 2024-10-26 | 0 | Top 10 Programming Languages For Cyber Security | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | ||
Details | Website | 2024-10-24 | 221 | Operation Cobalt Whisper Targets Industries in Hong Kong and Pakistan | ||
Details | Website | 2024-10-23 | 44 | Highlighting TA866/Asylum Ambuscade Activity Since 2021 | ||
Details | Website | 2024-10-22 | 13 | Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach |