ioc[.]one - OSINT Cyber Threat Intelligence Database

How APTs Use Reverse Proxies to Nmap Internal Networks

Tags

attack-pattern:

Data Direct Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Domain Fronting - T1090.004 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Network Topology - T1590.004 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Virtual Private Server - T1583.003 Virtual Private Server - T1584.003 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Domain Fronting - T1172 Powershell - T1086 Sudo - T1169 Connection Proxy

Show in Graph

Common Information

Type	Value
UUID	dd705256-bd13-448d-91bb-fea644ef855f
Fingerprint	b583db59d82370c3
Analysis status	DONE
Considered CTI value	0
Text language
Published	March 18, 2021, 4 a.m.
Added to db	Jan. 18, 2023, 11:52 p.m.
Last updated	Nov. 18, 2024, 11:24 a.m.
Headline	How APTs Use Reverse Proxies to Nmap Internal Networks
Title	How APTs Use Reverse Proxies to Nmap Internal Networks
Detected Hints/Tags/Attributes	63/1/13

Source URLs

	Redirection	Url
Details	Source	https://www.varonis.com/blog/nmap-reverse-proxies/?utm_content=158497201

URL Provider

Details	Provider	Source level domain
Details	varonis.com	www.varonis.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	1		reversesocksproxyhandler.py
Details	Domain	4131		github.com
Details	File	1		invoke-socksproxy.ps1
Details	File	1		reversesocksproxyhandler.py
Details	File	1		isp.ps1
Details	File	15		credentials.txt
Details	Github username	1		tokyoneon
Details	IPv4	13		172.16.0.1
Details	IPv4	1		172.16.0.3
Details	IPv4	7		192.168.56.102
Details	IPv4	2		172.16.0.4
Details	IPv4	1		172.16.0.115
Details	Url	1		https://github.com/tokyoneon/invoke-socksproxy