Common Information
| Type | Value |
|---|---|
| Value | Web Protocols - T1071.001 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server. Protocols such as HTTP/S (Citation: CrowdStrike Putter Panda) and WebSocket (Citation: Brazking-Websockets) that carry web traffic may be very common in environments. HTTP/S packets have many fields and headers in which data can be concealed. An adversary may abuse these protocols to communicate with systems under their control within a victim network while also mimicking normal, expected traffic. |
| Details | Published | Attributes | CTI | Title |
|---|---|---|---|---|
| Details | Website | 2021-03-17 | 8 | Ransomware Threat Assessments: A Companion to the 2021 Unit 42 Ransomware Threat Report |
| Details | Website | 2021-03-11 | 181 | Whitelist Me, Maybe? “Netbounce” Threat Actor Tries A Bold Approach To Evade Detection \| FortiGuard Labs |
| Details | Website | 2021-03-04 | 47 | New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452 \| Mandiant |
| Details | Website | 2021-02-25 | 161 | Lazarus targets defense industry with ThreatNeedle |
| Details | Website | 2021-02-25 | 190 | So Unchill: Melting UNC2198 ICEDID to Ransomware Operations \| Mandiant |
| Details | Website | 2021-02-04 | 25 | Connecting the dots inside the Italian APT Landscape - Yoroi |
| Details | Website | 2021-02-03 | 34 | MTR casebook: Uncovering a backdoor implant in a SolarWinds Orion server |
| Details | Website | 2021-01-28 | 58 | North Korean Threat Group APT38 Threat Intel Advisory \| Threat Intelligence \| CloudSEK |
| Details | Website | 2021-01-25 | 18 | Affiliates vs Hunters: Fighting the DarkSide - SOC Prime |
| Details | Website | 2021-01-19 | 37 | FreakOut – Leveraging Newest Vulnerabilities for creating a Botnet - Check Point Research |
| Details | Website | 2021-01-14 | 663 | Higaisa or Winnti? APT41 backdoors, old and new |
| Details | Website | 2021-01-12 | 216 | Abusing cloud services to fly under the radar |
| Details | Website | 2021-01-12 | 215 | Abusing cloud services to fly under the radar |
| Details | Website | 2020-12-23 | 112 | Lazarus covets COVID-19-related intelligence |
| Details | Website | 2020-12-18 | 74 | Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers - Microsoft Security Blog |
| Details | Website | 2020-12-17 | 91 | Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations \| CISA |
| Details | Website | 2020-12-16 | 43 | UNC2452 Threat Actor Group Threat Intel Advisory \| Threat Intelligence \| CloudSEK |
| Details | Website | 2020-12-15 | 74 | QakBot reducing its on disk artifacts - Hornetsecurity |
| Details | Website | 2020-12-13 | 49 | SolarWinds Supply Chain Attack Uses SUNBURST Backdoor |
| Details | Website | 2020-12-03 | 9 | CTI is Better Served with Context: Getting better value from IOCs |
| Details | Website | 2020-12-02 | 100 | IcedID Stealer Man-in-the-browser Banking Trojan |
| Details | Website | 2020-11-16 | 98 | Lazarus supply‑chain attack in South Korea \| WeLiveSecurity |
| Details | Website | 2020-11-05 | 60 | Attacks on industrial enterprises using RMS and TeamViewer: new data |
| Details | Website | 2020-11-04 | 35 | malware-ioc/sparklinggoblin at master · eset/malware-ioc |
| Details | Website | 2020-10-24 | 31 | Emotet Malware \| CISA |