Common Information
Type | Value |
---|---|
Value | Web Protocols - T1071.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server. Protocols such as HTTP/S (Citation: CrowdStrike Putter Panda) and WebSocket (Citation: Brazking-Websockets) that carry web traffic may be very common in environments. HTTP/S packets have many fields and headers in which data can be concealed. An adversary may abuse these protocols to communicate with systems under their control within a victim network while also mimicking normal, expected traffic. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2023-09-20 | 37 | Indian Taxpayers face a Multifaceted Threat with Drinik Malware's Return | ||
Details | Website | 2023-09-20 | 86 | GOLD MELODY: Profile of an Initial Access Broker | ||
Details | Website | 2023-09-18 | 19 | Silent Skimmer: Online Payment Scraping Campaign Shifts Targets From APAC to NALA | ||
Details | Website | 2023-09-18 | 48 | WarHawk: the New Backdoor in the Arsenal of the SideWinder APT Group | ||
Details | Website | 2023-09-15 | 816 | UNC3944: SMS Phishing, SIM Swapping, and Ransomware Attacks | ||
Details | Website | 2023-09-05 | 41 | Dark Web Profile: Medusa Ransomware (MedusaLocker) | ||
Details | Website | 2023-08-28 | 135 | HTML Smuggling Leads to Domain Wide Ransomware - The DFIR Report | ||
Details | Website | 2023-08-28 | 37 | Back to School Reminder - Keep Your Mac Clean! | ||
Details | Website | 2023-08-28 | 42 | Kaspersky Lab’s technical analysis of Lockbit v3 Builder | ||
Details | Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023 | ||
Details | Website | 2023-08-23 | 70 | Malware-as-a-Service: Redline Stealer Variants Demonstrate a Low-Barrier-to-Entry Threat | ||
Details | Website | 2023-08-23 | 45 | The Persistent Danger of Remcos RAT - CYFIRMA | ||
Details | Website | 2023-08-17 | 30 | Cuba Ransomware Deploys New Tools: BlackBerry Discovers Targets Including Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America | ||
Details | Website | 2023-08-10 | 92 | Common TTPs of attacks against industrial organizations. Implants for uploading data \| Kaspersky ICS CERT | ||
Details | Website | 2023-08-06 | 29 | CVE-2023–3519 WebShell Implant | ||
Details | Website | 2023-08-02 | 31 | Investigating Intrusions From Intriguing Exploits | ||
Details | Website | 2023-07-27 | 50 | Dark Web Profile: 8Base Ransomware | ||
Details | Website | 2023-07-27 | 117 | Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector | ||
Details | Website | 2023-07-25 | 6 | APT Profile: Kimsuky - SOCRadar® Cyber Intelligence Inc. | ||
Details | Website | 2023-07-25 | 47 | Decoding RomCom: Behaviors and Opportunities for Detection | ||
Details | Website | 2023-07-25 | 0 | Lookout Announces Advanced Traffic Steering Agents to Replace Virtual Private Networks | ||
Details | Website | 2023-07-24 | 0 | SASE is not SD-WAN + SSE | ||
Details | Website | 2023-07-21 | 25 | Attacker-Crypter (v0.9): Unveiling a Powerful Tool for Evading Antivirus and Enhancing Malware Capabilities - CYFIRMA | ||
Details | Website | 2023-07-20 | 10 | Analyzing a .NET variant of LaplasClipper Malware | ||
Details | Website | 2023-07-20 | 59 | Common TTPs of attacks against industrial organizations. Implants for remote access \| Kaspersky ICS CERT |