Common Information
Type | Value |
---|---|
Value | Web Protocols - T1071.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server. Protocols such as HTTP/S(Citation: CrowdStrike Putter Panda) and WebSocket(Citation: Brazking-Websockets) that carry web traffic may be very common in environments. HTTP/S packets have many fields and headers in which data can be concealed. An adversary may abuse these protocols to communicate with systems under their control within a victim network while also mimicking normal, expected traffic. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-04-01 | 124 | From OneNote to RansomNote: An Ice Cold Intrusion | ||
Details | Website | 2024-03-27 | 65 | European diplomats targeted by SPIKEDWINE with WINELOADER | ||
Details | Website | 2024-03-22 | 35 | Unveiling KamiKakaBot - Malware Analysis - Nextron Systems | ||
Details | Website | 2024-03-18 | 96 | Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | ||
Details | Website | 2024-03-06 | 59 | Shadow of a Pentester: F.A.C.C.T. Experts Investigated Unknown Attacks by the Shadow Extortionists | ||
Details | Website | 2024-02-20 | 137 | Earth Preta Campaign Uses DOPLUGS to Target Asia | ||
Details | Website | 2024-02-01 | 47 | VajraSpy: A Patchwork of espionage apps | ||
Details | Website | 2024-01-24 | 16 | Mexican Banks and Cryptocurrency Platforms Targeted With AllaKore RAT | ||
Details | Website | 2024-01-05 | 34 | Turkish espionage campaigns in the Netherlands | ||
Details | Website | 2024-01-04 | 63 | Evaluating Yourself Using ATT&CK (APT3, Second Scenario) | ||
Details | Website | 2023-12-06 | 198 | Russia/Ukraine Update - December 2023 | ||
Details | Website | 2023-12-04 | 74 | SQL Brute Force Leads to BlueSky Ransomware | ||
Details | Website | 2023-11-30 | 27 | AeroBlade on the Hunt Targeting the U.S. Aerospace Industry | ||
Details | Website | 2023-11-28 | 81 | Aki-RATs - Command and Control Party | ||
Details | Website | 2023-11-19 | 117 | LitterDrifter: a new USB worm used by the Gamaredon group | ||
Details | Website | 2023-11-17 | 29 | Threat Actor Targets 'Batman: Arkham City' Gamers using Meterpreter | ||
Details | Website | 2023-11-14 | 11 | The song remains the same: The 2023 Active Adversary Report for Security Practitioners | ||
Details | Website | 2023-11-14 | 44 | Everything You Need to Know About Silent Skimming | ||
Details | Website | 2023-11-09 | 7 | Memory scanning leaves attackers nowhere to hide | ||
Details | Website | 2023-11-06 | 203 | SideCopy’s Multi-platform Onslaught: Leveraging WinRAR Zero-Day and Linux Variant of Ares RAT - Blogs on Information Technology, Network & Cybersecurity | Seqrite | ||
Details | Website | 2023-11-03 | 106 | Exploitation of CVE-2023-46604 Leading to Ransomware | ||
Details | Website | 2023-11-02 | 0 | Conference brings Silicon Valley DevOps security to Europe | ||
Details | Website | 2023-11-01 | 44 | Elastic catches DPRK passing out KANDYKORN — Elastic Security Labs | ||
Details | Website | 2023-10-27 | 117 | A cascade of compromise: unveiling Lazarus' new campaign |