Common Information

Type | Value |
---|---|
Value | Web Protocols - T1071.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server. Protocols such as HTTP/S (Citation: CrowdStrike Putter Panda) and WebSocket (Citation: Brazking-Websockets) that carry web traffic may be very common in environments. HTTP/S packets have many fields and headers in which data can be concealed. An adversary may abuse these protocols to communicate with systems under their control within a victim network while also mimicking normal, expected traffic. |
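The description above says the C2 channel hides by looking like ordinary web traffic; what gives it away in practice is usually not the protocol but the rhythm: an implant polling its server on a timer produces near-constant inter-request gaps, a single path and fixed-size responses, while a human browsing a site does not. The following script is an added example (it is not part of this MISP cluster, the MITRE ATT&CK entry, or any of the reports listed below) that runs that heuristic over constructed proxy log lines. The log format, client addresses and host names (`update-cdn.example`, `news.example`, `mail.example`) are invented for illustration, and the thresholds (`min_requests`, `max_cv`) are assumptions to tune per environment.

```python
"""Flag beacon-like HTTP sessions in proxy logs by interval regularity.

Added example, not code from the MISP galaxy or MITRE ATT&CK. The log
lines below are constructed; the field layout (timestamp, client IP,
method, URL, response bytes) is an assumption, not a real proxy format.
"""
import statistics
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample: one host polls every ~60 s with fixed-size replies
# (beacon-like), one host is browsed irregularly, one has too few requests.
SAMPLE_LOG = """\
2022-04-27T10:00:00 10.0.0.5 GET http://update-cdn.example/api/check 412
2022-04-27T10:00:05 10.0.0.7 GET http://news.example/ 58213
2022-04-27T10:00:07 10.0.0.7 GET http://news.example/style.css 9120
2022-04-27T10:00:40 10.0.0.7 GET http://news.example/story/1 31770
2022-04-27T10:01:02 10.0.0.5 GET http://update-cdn.example/api/check 412
2022-04-27T10:01:59 10.0.0.5 GET http://update-cdn.example/api/check 412
2022-04-27T10:03:01 10.0.0.5 GET http://update-cdn.example/api/check 412
2022-04-27T10:04:00 10.0.0.5 GET http://update-cdn.example/api/check 412
2022-04-27T10:05:01 10.0.0.5 GET http://update-cdn.example/api/check 412
2022-04-27T10:06:00 10.0.0.5 GET http://mail.example/inbox 15000
2022-04-27T10:12:10 10.0.0.7 GET http://news.example/story/2 27401
2022-04-27T10:12:11 10.0.0.7 GET http://news.example/img/a.png 140233
2022-04-27T10:20:00 10.0.0.5 GET http://mail.example/inbox 15120
2022-04-27T10:31:00 10.0.0.7 GET http://news.example/ 58299
"""


def parse_line(line):
    """Split one constructed log line into its fields."""
    ts, client, method, url, size = line.split()
    parsed = urlparse(url)
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "method": method,
        "host": parsed.hostname,
        "path": parsed.path,
        "bytes": int(size),
    }


def find_beacons(log_text, min_requests=5, max_cv=0.15):
    """Return (client, host) sessions whose request timing looks timer-driven.

    The coefficient of variation (population stdev / mean) of the gaps
    between consecutive requests is the core signal: a polling implant with
    a few seconds of jitter stays well under 0.15, human browsing does not.
    Fixed response size and a single URL path are reported as corroborating
    signals but do not by themselves decide the verdict.
    """
    sessions = defaultdict(list)
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        sessions[(rec["client"], rec["host"])].append(rec)

    hits = []
    for (client, host), recs in sessions.items():
        if len(recs) < min_requests:
            continue  # not enough samples to judge regularity
        recs.sort(key=lambda r: r["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(recs, recs[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue  # burst of identical timestamps, CV undefined
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            hits.append({
                "client": client,
                "host": host,
                "requests": len(recs),
                "mean_interval_s": round(mean_gap, 1),
                "interval_cv": round(cv, 3),
                "fixed_size": len({r["bytes"] for r in recs}) == 1,
                "distinct_paths": len({r["path"] for r in recs}),
            })
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Treat the output as a triage lead, not a verdict: legitimate software update checks and monitoring agents also poll on timers with fixed-size replies, so the flagged pairs should be checked against an allowlist of known pollers and then inspected for the kind of header or body content the description mentions (data concealed in cookies, URI parameters or response bodies).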
Details | Source | Published | Attributes | Title |
---|---|---|---|---|
Details | Website | 2022-04-27 | 202 | A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity | WeLiveSecurity |
Details | Website | 2022-04-25 | 104 | Quantum Ransomware |
Details | Website | 2022-04-04 | 113 | Stolen Images Campaign Ends in Conti Ransomware |
Details | Website | 2022-03-25 | 121 | Mustang Panda's Hodur: Old tricks, new Korplug variant | WeLiveSecurity |
Details | Website | 2022-03-25 | 125 | Tales of Ransomwares 2021 |
Details | Website | 2022-03-07 | 128 | Fake Purchase Order Used to Deliver Agent Tesla | FortiGuard Labs |
Details | Website | 2022-02-25 | 104 | The Hunt for the Lost Soul: Unraveling the Evolution of the SoulSearcher Malware | FortiGuard Labs |
Details | Website | 2022-02-24 | 123 | Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks | CISA |
Details | Website | 2022-02-23 | 314 | (Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware | Mandiant |
Details | Website | 2022-02-15 | 48 | Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months | FortiGuard Labs |
Details | Website | 2022-02-02 | 27 | Catching the RAT called Agent Tesla | Qualys Security Blog |
Details | Website | 2022-01-19 | 85 | One Source to Rule Them All: Chasing AVADDON Ransomware | Mandiant |
Details | Website | 2022-01-18 | 158 | DoNot Go! Do not respawn! | WeLiveSecurity |
Details | Website | 2022-01-06 | 76 | NOBELIUM's EnvyScout infection chain goes in the registry, targeting embassies |
Details | Website | 2022-01-01 | 288 | Shadowpad/technical-indicators at main · SentineLabs/Shadowpad |
Details | Website | 2021-12-14 | 56 | Tropic Trooper Targets Transportation and Government Organizations |
Details | Website | 2021-12-10 | 32 | [Updated] Log4Shell: Critical Severity Apache Log4j Remote Code Execution Being Actively Exploited (CVE-2021-44228 & CVE-2021-45046) |
Details | Website | 2021-12-09 | 16 | The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs |
Details | Website | 2021-12-02 | 95 | SideCopy APT: Connecting lures to victims, payloads to infrastructure |
Details | Website | 2021-12-01 | 47 | Virus Bulletin :: Collector-stealer: a Russian origin credential and information extractor |
Details | Website | 2021-11-29 | 92 | ScarCruft surveilling North Korean defectors and human rights activists |
Details | Website | 2021-11-29 | 108 | Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again | Mandiant |
Details | Website | 2021-11-16 | 12 | Attackers use domain fronting technique to target Myanmar with Cobalt Strike |
Details | Website | 2021-11-16 | 20 | Attackers use domain fronting technique to target Myanmar with Cobalt Strike |
Details | Website | 2021-11-01 | 116 | From Zero to Domain Admin |