Common Information
Type | Value |
---|---|
Value | Web Protocols - T1071.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server. Protocols such as HTTP/S (Citation: CrowdStrike Putter Panda) and WebSocket (Citation: Brazking-Websockets) that carry web traffic may be very common in environments. HTTP/S packets have many fields and headers in which data can be concealed. An adversary may abuse these protocols to communicate with systems under their control within a victim network while also mimicking normal, expected traffic. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-10-18 | 12 | The Mobile Malware Chronicles: Necro.N – Volume 101 | ||
Details | Website | 2024-10-18 | 12 | The Mobile Malware Chronicles: Necro.N - Volume 101 - Zimperium | ||
Details | Website | 2024-10-18 | 27 | Iranian Cyber Actors’ Brute Force and Credential Access Attacks: CISA Alert AA24-290A | ||
Details | Website | 2024-10-17 | 42 | New macOS vulnerability, “HM Surf”, could lead to unauthorized data access | ||
Details | Website | 2024-10-17 | 75 | APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere | ||
Details | Website | 2024-10-16 | 108 | Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations | CISA | ||
Details | Website | 2024-10-14 | 0 | HTTP/2: Better, Faster, Stronger | ||
Details | Website | 2024-10-10 | 182 | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | CTF导航 | ||
Details | Website | 2024-10-09 | 22 | APT 40 Advisory PRC MSS Tradecraft In Action Summary | ||
Details | Website | 2024-10-08 | 21 | MisterioLNK: The Open-Source Builder Behind Malicious Loaders - Cyble | ||
Details | Website | 2024-10-07 | 141 | Mind the (air) gap: GoldenJackal gooses government guardrails | ||
Details | Website | 2024-10-02 | 57 | Separating the bee from the panda: CeranaKeeper making a beeline for Thailand | ||
Details | Website | 2024-10-01 | 61 | GitHub Scanner — Lumma Stealer Threat Intel | ||
Details | Website | 2024-10-01 | 27 | Silent Intrusion: Unraveling The Sophisticated Attack Leveraging VS Code For Unauthorized Access - Cyble | ||
Details | Website | 2024-09-30 | 174 | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | ||
Details | Website | 2024-09-27 | 123 | Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse — Elastic Security Labs | ||
Details | Website | 2024-09-27 | 58 | OSINT Investigation: Hunting Malicious Infrastructure Linked to Transparent Tribe - CYFIRMA | ||
Details | Website | 2024-09-26 | 1 | [LOCKBIT3] - Ransomware Victim: chcm[.]us - RedPacket Security | ||
Details | Website | 2024-09-26 | 11 | DCRat Targets Users with HTML Smuggling | ||
Details | Website | 2024-09-23 | 29 | Undetected Android Spyware Targeting Individuals In South Korea - Cyble | ||
Details | Website | 2024-09-22 | 11 | Marko Polo — PartyWorld.exe | ||
Details | Website | 2024-09-16 | 28 | Threat Intelligence Report September 10 - September 16 2024 | Red Piranha | ||
Details | Website | 2024-09-13 | 7 | Beware Of Weaponized Excel Document That Delivers Fileless Remcos RAT | ||
Details | Website | 2024-09-13 | 37 | Gomorrah Stealer v5.1: An In-Depth Analysis of a .NET-Based Malware - CYFIRMA | ||
Details | Website | 2024-09-12 | 13 | Emulating the Persistent and Stealthy Ebury Linux Malware |