FRP
Techniques Used |
||||
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols |
FRP has the ability to use HTTP and HTTPS to enable the forwarding of requests for internal services via domain name.(Citation: FRP GitHub) |
| Enterprise | T1059 | .007 | Command and Scripting Interpreter: JavaScript |
FRP can support the use of a JSON configuration file.(Citation: FRP GitHub) |
| Enterprise | T1573 | .001 | Encrypted Channel: Symmetric Cryptography |
FRP can use STCP (Secret TCP) with a preshared key to encrypt services exposed to public networks.(Citation: FRP GitHub) |
| .002 | Encrypted Channel: Asymmetric Cryptography |
FRP can be configured to only accept TLS connections.(Citation: FRP GitHub) |
||
| Enterprise | T1090 | .003 | Proxy: Multi-hop Proxy |
The FRP client can be configured to connect to the server through a proxy.(Citation: FRP GitHub) |
Groups That Use This Software |
||
| ID | Name | References |
|---|---|---|
| G0108 | Blue Mockingbird |
(Citation: RedCanary Mockingbird May 2020) |
| G0059 | Magic Hound |
(Citation: DFIR Phosphorus November 2021) |
| G1017 | Volt Typhoon |
(Citation: Microsoft Volt Typhoon May 2023) (Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023) |
References
- DFIR Report. (2021, November 15). Exchange Exploit Leads to Domain Wide Ransomware. Retrieved January 5, 2023.
- fatedier. (n.d.). What is frp?. Retrieved July 10, 2024.
- Lambert, T. (2020, May 7). Introducing Blue Mockingbird. Retrieved May 26, 2020.
- NSA et al. (2023, May 24). People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. Retrieved July 27, 2023.
- Microsoft Threat Intelligence. (2023, May 24). Volt Typhoon targets US critical infrastructure with living-off-the-land techniques. Retrieved July 27, 2023.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.