Cервис управления информационной безопасностью
Cервис управления информационной безопасностью
Поиск
Вход Регистрация
MITRE ATT&CK - Technique Commonly Used Port
RU
Риски
Каталоги
MITRE ATT&CK
Техника
Commonly Used Port
Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.
Подробнее
Наш канал

Commonly Used Port

**This technique has been deprecated. Please use Non-Standard Port where appropriate.** Adversaries may communicate over a commonly used port to bypass firewalls or network detection systems and to blend with normal network activity to avoid more detailed inspection. They may use commonly open ports such as * TCP:80 (HTTP) * TCP:443 (HTTPS) * TCP:25 (SMTP) * TCP/UDP:53 (DNS) They may use the protocol associated with the port or a completely different protocol. For connections that occur internally within an enclave (such as those between a proxy or pivot node and other nodes), examples of common ports are * TCP/UDP:135 (RPC) * TCP/UDP:22 (SSH) * TCP/UDP:3389 (RDP)

ID: T1043
Tactic(s): Command and Control
Platforms: Linux, Windows, macOS
Version: 1.1
Created: 31 May 2017
Last Modified: 18 Apr 2025

Procedure Examples
Name Description
TrickBot

TrickBot uses port 443 for C2 communications.(Citation: S2 Grupo TrickBot June 2017)(Citation: Trend Micro Totbrick Oct 2016)
PowerDuke

PowerDuke connects over 443 for C2.(Citation: Volexity PowerDuke November 2016)
Wiarp

Wiarp connects to external C2 infrastructure over the HTTP port.(Citation: Symantec Wiarp May 2012)
Proxysvc

Proxysvc uses port 443 for the control server communications.(Citation: McAfee GhostSecret)
Misdat

Misdat network traffic communicates over common ports like 80, 443, or 1433.(Citation: Cylance Dust Storm)
Linux Rabbit

Linux Rabbit checks to see if an SSH server is listening on port 22.(Citation: Anomali Linux Rabbit 2018)
KEYMARBLE

KEYMARBLE uses port 443 for C2.(Citation: US-CERT KEYMARBLE Aug 2018)
HAWKBALL

HAWKBALL has sent HTTP GET requests over port 443 for C2.(Citation: FireEye HAWKBALL Jun 2019)
Naid

Naid connects to external C2 infrastructure over port 443.(Citation: Symantec Naid June 2012)
RedLeaves

RedLeaves uses a specific port of 443 and can also use ports 53 and 80 for C2. One RedLeaves variant uses HTTP over port 443 to connect to its C2 server.(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: Accenture Hogfish April 2018)
AuditCred

AuditCred has used Port Number 443 for C2 communications.(Citation: TrendMicro Lazarus Nov 2018)
OceanSalt

OceanSalt uses Port Number 8080 for C2.(Citation: McAfee Oceansalt Oct 2018)
LOWBALL

LOWBALL command and control occurs via HTTPS over port 443.(Citation: FireEye admin@338)
EvilGrab

EvilGrab uses port 8080 for C2.(Citation: PWC Cloud Hopper Technical Annex April 2017)
Emotet

Emotet has used ports 20, 22, 80, 443, 8080, and 8443.(Citation: CIS Emotet Apr 2017)(Citation: Talos Emotet Jan 2019)(Citation: Trend Micro Emotet Jan 2019)(Citation: Carbon Black Emotet Apr 2019)
Empire

Empire can conduct command and control over commonly used ports like 80 and 443.(Citation: Github PowerShell Empire)
ELMER

ELMER uses HTTP over port 443 for command and control.(Citation: FireEye EPS Awakens Part 2)
FlawedGrace

FlawedGrace has used port 443 for C2 communications.(Citation: Proofpoint TA505 Jan 2019)
FlawedAmmyy

FlawedAmmyy has used port 443 for C2.(Citation: Proofpoint TA505 Mar 2018)
HOPLIGHT

HOPLIGHT has connected outbound over TCP port 443. (Citation: US-CERT HOPLIGHT Apr 2019)

InvisiMole

InvisiMole uses port 80 for C2.(Citation: ESET InvisiMole June 2018)
Volgmer

Some Volgmer variants use ports 8080 and 8000 for C2.(Citation: US-CERT Volgmer Nov 2017)(Citation: US-CERT Volgmer 2 Nov 2017)(Citation: Symantec Volgmer Aug 2014)
Fysbis

Fysbis has used port 80 for C2.(Citation: Fysbis Palo Alto Analysis)

UBoatRAT

UBoatRAT uses ports 80 and 443 for C2 communications.(Citation: PaloAlto UBoatRAT Nov 2017)
Hi-Zor

Hi-Zor communicates with its C2 server over port 443.(Citation: Fidelis INOCNATION)
KeyBoy

KeyBoy calls back to the C2 server over ports 53, 80, and 443.(Citation: PWC KeyBoys Feb 2017)(Citation: Rapid7 KeyBoy Jun 2013)
BBSRAT

BBSRAT uses HTTP TCP port 80 and HTTPS TCP port 443 for communications.(Citation: Palo Alto Networks BBSRAT)
PlugX

PlugX has beaconed to its C2 over port 443.(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: CIRCL PlugX March 2013)
Bisonal

Bisonal uses 443 for C2 communications.(Citation: Unit 42 Bisonal July 2018)
S-Type

S-Type uses ports 80, 443, and 8080 for C2.(Citation: Cylance Dust Storm)
Duqu

Duqu uses a custom command and control protocol that communicates over commonly used ports, and is frequently encapsulated by application layer protocols.(Citation: Symantec W32.Duqu)
Carbanak

Carbanak uses Port Numbers 443 and 80 for the C2 server.(Citation: FireEye CARBANAK June 2017)
Briba

Briba connects to external C2 infrastructure over port 443.(Citation: Symantec Briba May 2012)
TYPEFRAME

TYPEFRAME variants can use ports 443, 8443, and 8080 for communications.(Citation: US-CERT TYPEFRAME June 2018)
Ixeshe

Ixeshe has used TCP port 443 for C2.(Citation: Trend Micro IXESHE 2012)
Derusbi

Derusbi beacons to destination port 443.(Citation: Fidelis Turbo)
BadPatch

BadPatch uses port 26 for C2 communications.(Citation: Unit 42 BadPatch Oct 2017)
RATANKBA

RATANKBA uses port 443 for C2.(Citation: RATANKBA)
BADCALL

BADCALL uses port 8000 and 443 for C2.(Citation: US-CERT BADCALL)
Nidiran

Nidiran communicates with its C2 domain over ports 443 and 8443.(Citation: Symantec Suckfly May 2016)
MoonWind

MoonWind communicates over ports 80, 443, 53, and 8080 via raw sockets instead of the protocols usually associated with the ports.(Citation: Palo Alto MoonWind March 2017)
Cobalt Strike

Cobalt Strike uses a custom command and control protocol that communicates over commonly used ports. The C2 protocol is encapsulated in common application layer protocols.(Citation: cobaltstrike manual)
Cobalt Strike

Cobalt Strike uses a custom command and control protocol that communicates over commonly used ports. The C2 protocol is encapsulated in common application layer protocols.(Citation: cobaltstrike manual)
ServHelper

ServHelper has used port 80 and 443 for C2.(Citation: Proofpoint TA505 Jan 2019)
RIPTIDE

RIPTIDE is a RAT that communicates with HTTP.(Citation: Moran 2014)
Pasam

Pasam connects to external C2 infrastructure and opens a backdoor over port 443.(Citation: Symantec Pasam May 2012)
Carbon

Carbon uses port 80 for C2 communications.(Citation: ESET Carbon Mar 2017)
Cardinal RAT

Cardinal RAT is downloaded using HTTP over port 443.(Citation: PaloAlto CardinalRat Apr 2017)
Calisto

Calisto attempted to contact the C2 server over TCP using port 80.(Citation: Securelist Calisto July 2018)
HARDRAIN

HARDRAIN binds and listens on port 443.(Citation: US-CERT HARDRAIN March 2018)
ftp

FTP operates over ports 21 and 20.(Citation: Wikipedia FTP)
FELIXROOT

FELIXROOT uses Port Numbers 443, 8443, and 8080 for C2 communications.(Citation: FireEye FELIXROOT July 2018)(Citation: ESET GreyEnergy Oct 2018)
ZxShell

ZxShell uses common ports such as 80 and 443 for C2.(Citation: Talos ZxShell Oct 2014 )
POWERSTATS

POWERSTATS has used port 80 for C2.(Citation: Unit 42 MuddyWater Nov 2017)
HTTPBrowser

One HTTPBrowser variant connected to its C2 server over port 8080.(Citation: ZScaler Hacking Team)
Mis-Type

Mis-Type communicates over common ports such as TCP 80, 443, and 25.(Citation: Cylance Dust Storm)
MirageFox

MirageFox uses port 80 for C2.(Citation: APT15 Intezer June 2018)
POWERTON

POWERTON has used port 443 for C2 traffic.(Citation: FireEye APT33 Guardrail)

Comnie

Comnie uses Port Numbers 80, 8080, 8000, and 443 for communication to the C2 servers.(Citation: Palo Alto Comnie)
ADVSTORESHELL

A variant of ADVSTORESHELL attempts communication to the C2 server over HTTP on port 443.(Citation: Bitdefender APT28 Dec 2015)
Mivast

Mivast communicates over port 80 for C2.(Citation: Symantec Backdoor.Mivast)
APT28

APT28 has used port 443 for C2.(Citation: Microsoft STRONTIUM Aug 2019)
Lazarus Group

Some Lazarus Group malware uses a list of ordered port numbers to choose a port for C2 traffic, which includes commonly used ports such as 443, 53, 80, 25, and 8080.(Citation: Novetta Blockbuster)(Citation: Novetta Blockbuster RATs)
APT29

APT29 has used Port Number 443 for C2.(Citation: FireEye APT29 Nov 2018)
Night Dragon

Night Dragon has used ports 25 and 80 for C2 communications.(Citation: McAfee Night Dragon)
Dragonfly 2.0

Dragonfly 2.0 used SMB over ports 445 or 139 for C2. The group also established encrypted connections over port 443.(Citation: US-CERT TA18-074A)(Citation: US-CERT APT Energy Oct 2017)
Threat Group-3390

C2 traffic for most Threat Group-3390 tools occurs over Port Numbers 53, 80, and 443.(Citation: Dell TG-3390)
OilRig

OilRig has used port 80 to call back to the C2 server.(Citation: FireEye APT34 July 2019)

TEMP.Veles

TEMP.Veles has used port 443 for C2.(Citation: FireEye TRITON 2019)
APT19

APT19 used TCP port 80 for C2.(Citation: FireEye APT19)
APT37

APT37 has used port 8080 for C2.(Citation: Securelist ScarCruft Jun 2016)
FIN7

FIN7 has used ports 53, 80, 443, and 8080 for C2.(Citation: FireEye FIN7 Aug 2018)
APT18

APT18 uses port 80 for C2 communications.(Citation: PaloAlto DNS Requests May 2016)(Citation: Anomali Evasive Maneuvers July 2015)
Magic Hound

Magic Hound malware has communicated with C2 servers over port 6667 (for IRC) and port 8080.(Citation: Unit 42 Magic Hound Feb 2017)
APT3

APT3 uses commonly used ports (like HTTPS/443) for command and control.(Citation: evolution of pirpi)
FIN8

FIN8 has tunneled RDP backdoors over port 443.(Citation: FireEye Know Your Enemy FIN8 Aug 2016)

Mitigations
Mitigation Description
Network Segmentation

Network segmentation involves dividing a network into smaller, isolated segments to control and limit the flow of traffic between devices, systems, and applications. By segmenting networks, organizations can reduce the attack surface, restrict lateral movement by adversaries, and protect critical assets from compromise. Effective network segmentation leverages a combination of physical boundaries, logical separation through VLANs, and access control policies enforced by network appliances like firewalls, routers, and cloud-based configurations. This mitigation can be implemented through the following measures: Segment Critical Systems: - Identify and group systems based on their function, sensitivity, and risk. Examples include payment systems, HR databases, production systems, and internet-facing servers. - Use VLANs, firewalls, or routers to enforce logical separation. Implement DMZ for Public-Facing Services: - Host web servers, DNS servers, and email servers in a DMZ to limit their access to internal systems. - Apply strict firewall rules to filter traffic between the DMZ and internal networks. Use Cloud-Based Segmentation: - In cloud environments, use VPCs, subnets, and security groups to isolate applications and enforce traffic rules. - Apply AWS Transit Gateway or Azure VNet peering for controlled connectivity between cloud segments. Apply Microsegmentation for Workloads: - Use software-defined networking (SDN) tools to implement workload-level segmentation and prevent lateral movement. Restrict Traffic with ACLs and Firewalls: - Apply Access Control Lists (ACLs) to network devices to enforce "deny by default" policies. - Use firewalls to restrict both north-south (external-internal) and east-west (internal-internal) traffic. Monitor and Audit Segmented Networks: - Regularly review firewall rules, ACLs, and segmentation policies. - Monitor network flows for anomalies to ensure segmentation is effective. Test Segmentation Effectiveness: - Perform periodic penetration tests to verify that unauthorized access is blocked between network segments.
Network Intrusion Prevention

Use intrusion detection signatures to block traffic at network boundaries.
Commonly Used Port Mitigation

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level. Signatures are often for unique indicators within protocols and may be based on the specific protocol used by a particular adversary or tool, and will likely be different across various malware families and versions. Adversaries will likely change tool C2 signatures over time or construct protocols in such a way as to avoid detection by common defensive tools. (Citation: University of Birmingham C2)

Detection

Analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server). Processes utilizing the network that do not normally have network communication or have never been seen before are suspicious. Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used. (Citation: University of Birmingham C2)

References

  1. Yagi, J. (2014, August 24). Trojan.Volgmer. Retrieved July 16, 2018.
  2. US-CERT. (2019, April 10). MAR-10135536-8 – North Korean Trojan: HOPLIGHT. Retrieved April 19, 2019.
  3. Lee, B. Grunzweig, J. (2015, December 22). BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger. Retrieved August 19, 2016.
  4. US-CERT. (2017, November 22). Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer. Retrieved December 7, 2017.
  5. US-CERT. (2018, June 14). MAR-10135536-12 – North Korean Trojan: TYPEFRAME. Retrieved July 13, 2018.
  6. Bar, T., Conant, S. (2017, October 20). BadPatch. Retrieved November 13, 2018.
  7. McAfee® Foundstone® Professional Services and McAfee Labs™. (2011, February 10). Global Energy Cyberattacks: “Night Dragon”. Retrieved February 19, 2018.
  8. Gross, J. (2016, February 23). Operation Dust Storm. Retrieved September 19, 2017.
  9. Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Remote Administration Tools & Content Staging Malware Report. Retrieved March 16, 2016.
  10. Proofpoint Staff. (2018, March 7). Leaked Ammyy Admin Source Code Turned into Malware. Retrieved May 28, 2019.
  11. Hayashi, K., Ray, V. (2018, July 31). Bisonal Malware Used in Attacks Against Russia and South Korea. Retrieved August 7, 2018.
  12. Dunwoody, M., et al. (2018, November 19). Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign. Retrieved November 27, 2018.
  13. Brumaghin, E.. (2019, January 15). Emotet re-emerges after the holidays. Retrieved March 25, 2019.
  14. Strategic Cyber LLC. (2017, March 14). Cobalt Strike Manual. Retrieved May 24, 2017.
  15. Mullaney, C. & Honda, H. (2012, May 4). Trojan.Pasam. Retrieved February 22, 2018.
  16. Desai, D.. (2015, August 14). Chinese cyber espionage APT group leveraging recently leaked Hacking Team exploits to target a Financial Services Firm. Retrieved January 26, 2016.
  17. Kuzin, M., Zelensky S. (2018, July 20). Calisto Trojan for macOS. Retrieved September 7, 2018.
  18. Trend Micro. (2018, November 20). Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America. Retrieved December 3, 2018.
  19. MSRC Team. (2019, August 5). Corporate IoT – a path to intrusion. Retrieved August 16, 2019.
  20. Anomali Labs. (2018, December 6). Pulling Linux Rabbit/Rabbot Malware Out of a Hat. Retrieved March 4, 2019.
  21. Fidelis Cybersecurity. (2015, December 16). Fidelis Threat Advisory #1020: Dissecting the Malware Involved in the INOCNATION Campaign. Retrieved March 24, 2016.
  22. ESET. (2017, March 30). Carbon Paper: Peering into Turla’s second stage backdoor. Retrieved November 7, 2018.
  23. Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, August 5). Threat Group-3390 Targets Organizations for Cyberespionage. Retrieved August 18, 2018.
  24. Parys, B. (2017, February 11). The KeyBoys are back in town. Retrieved June 13, 2019.
  25. Miller-Osborn, J. and Grunzweig, J.. (2017, March 30). Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations. Retrieved March 30, 2017.
  26. Yates, M. (2017, June 18). APT3 Uncovered: The code evolution of Pirpi. Retrieved September 28, 2017.
  27. DiMaggio, J.. (2016, May 17). Indian organizations targeted in Suckfly attacks. Retrieved August 3, 2016.
  28. FireEye Threat Intelligence. (2015, December 1). China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets. Retrieved December 4, 2015.
  29. Grunzweig, J. (2018, January 31). Comnie Continues to Target Organizations in East Asia. Retrieved June 7, 2018.
  30. Bennett, J., Vengerik, B. (2017, June 12). Behind the CARBANAK Backdoor. Retrieved June 11, 2018.
  31. Sherstobitoff, R., Malhotra, A. (2018, October 18). ‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group. Retrieved November 30, 2018.
  32. Carr, N., et al. (2018, August 01). On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation. Retrieved August 23, 2018.
  33. Moran, N., Oppenheim, M., Engle, S., & Wartell, R.. (2014, September 3). Darwin’s Favorite APT Group [Blog]. Retrieved November 12, 2014.
  34. Trend Micro. (2017, February 27). RATANKBA: Delving into Large-scale Watering Holes against Enterprises. Retrieved May 22, 2018.
  35. Stama, D.. (2015, February 6). Backdoor.Mivast. Retrieved February 15, 2016.
  36. Lee, B. and Falcone, R. (2017, February 15). Magic Hound Campaign Attacks Saudi Targets. Retrieved December 27, 2017.
  37. Neville, A. (2012, June 15). Trojan.Naid. Retrieved February 22, 2018.
  38. Hayashi, K. (2017, November 28). UBoatRAT Navigates East Asia. Retrieved January 12, 2018.
  39. Elovitz, S. & Ahl, I. (2016, August 18). Know Your Enemy: New Financially-Motivated & Spear-Phishing Group. Retrieved February 26, 2018.
  40. Trend Micro. (2019, January 16). Exploring Emotet's Activities . Retrieved March 25, 2019.
  41. Grunzweig, J.. (2017, April 20). Cardinal RAT Active for Over Two Years. Retrieved December 8, 2018.
  42. Cherepanov, A. (2018, October). GREYENERGY A successor to BlackEnergy. Retrieved November 15, 2018.
  43. Lee, S.. (2019, April 24). Emotet Using WMI to Launch PowerShell Encoded Code. Retrieved May 24, 2019.
  44. Patil, S. and Williams, M.. (2019, June 5). Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities. Retrieved June 20, 2019.
  45. Schwarz, D. and Proofpoint Staff. (2019, January 9). ServHelper and FlawedGrace - New malware introduced by TA505. Retrieved May 28, 2019.
  46. Symantec Security Response. (2011, November). W32.Duqu: The precursor to the next Stuxnet. Retrieved September 17, 2015.
  47. Rosenberg, J. (2018, June 14). MirageFox: APT15 Resurfaces With New Tools Based On Old Ones. Retrieved September 21, 2018.
  48. Winters, R.. (2015, December 20). The EPS Awakens - Part 2. Retrieved January 22, 2016.
  49. Sancho, D., et al. (2012, May 22). IXESHE An APT Campaign. Retrieved June 7, 2019.
  50. Bromiley, M., et al.. (2019, July 18). Hard Pass: Declining APT34’s Invite to Join Their Professional Network. Retrieved August 26, 2019.
  51. Salinas, M., Holguin, J. (2017, June). Evolution of Trickbot. Retrieved July 31, 2018.
  52. Shelmire, A. (2015, July 06). Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels. Retrieved November 15, 2018.
  53. Antazo, F. (2016, October 31). TSPY_TRICKLOAD.N. Retrieved September 14, 2018.
  54. Ahl, I. (2017, June 06). Privileges and Credentials: Phished at the Request of Counsel. Retrieved May 17, 2018.
  55. Raiu, C., and Ivanov, A. (2016, June 17). Operation Daybreak. Retrieved February 15, 2018.
  56. US-CERT. (2018, February 05). Malware Analysis Report (MAR) - 10135536-F. Retrieved June 11, 2018.
  57. Miller, S, et al. (2019, April 10). TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping. Retrieved April 16, 2019.
  58. US-CERT. (2018, February 06). Malware Analysis Report (MAR) - 10135536-G. Retrieved June 7, 2018.
  59. Lancaster, T.. (2017, November 14). Muddying the Water: Targeted Attacks in the Middle East. Retrieved March 15, 2018.
  60. US-CERT. (2018, August 09). MAR-10135536-17 – North Korean Trojan: KEYMARBLE. Retrieved August 16, 2018.
  61. Zhou, R. (2012, May 15). Backdoor.Wiarp. Retrieved February 22, 2018.
  62. Allievi, A., et al. (2014, October 28). Threat Spotlight: Group 72, Opening the ZxShell. Retrieved September 24, 2019.
  63. Wikipedia. (2016, June 15). File Transfer Protocol. Retrieved July 20, 2016.
  64. Grunzweig, J., et al. (2016, May 24). New Wekby Attacks Use DNS Requests As Command and Control Mechanism. Retrieved November 15, 2018.
  65. Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Unraveling the Long Thread of the Sony Attack. Retrieved February 25, 2016.
  66. US-CERT. (2017, October 20). Alert (TA17-293A): Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved November 2, 2017.
  67. Guarnieri, C., Schloesser M. (2013, June 7). KeyBoy, Targeted Attacks against Vietnam and India. Retrieved June 14, 2019.
  68. Fidelis Cybersecurity. (2016, February 29). The Turbo Campaign, Featuring Derusbi for 64-bit Linux. Retrieved March 2, 2016.
  69. PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.
  70. Bitdefender. (2015, December). APT28 Under the Scope. Retrieved February 23, 2017.
  71. Ackerman, G., et al. (2018, December 21). OVERRULED: Containing a Potentially Destructive Adversary. Retrieved January 17, 2019.
  72. Hromcová, Z. (2018, June 07). InvisiMole: Surprisingly equipped spyware, undercover since 2013. Retrieved July 10, 2018.
  73. US-CERT. (2018, March 16). Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved June 6, 2018.
  74. Accenture Security. (2018, April 23). Hogfish Redleaves Campaign. Retrieved July 2, 2018.
  75. Sherstobitoff, R., Malhotra, A. (2018, April 24). Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide. Retrieved May 16, 2018.
  76. US-CERT. (2017, November 01). Malware Analysis Report (MAR) - 10135536-D. Retrieved July 16, 2018.
  77. Bryan Lee and Rob Downs. (2016, February 12). A Look Into Fysbis: Sofacy’s Linux Backdoor. Retrieved September 10, 2017.
  78. CIS. (2017, April 28). Emotet Changes TTPs and Arrives in United States. Retrieved January 17, 2019.
  79. Computer Incident Response Center Luxembourg. (2013, March 29). Analysis of a PlugX variant. Retrieved November 5, 2018.
  80. Patil, S. (2018, June 26). Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign. Retrieved July 31, 2018.
  81. Schroeder, W., Warner, J., Nelson, M. (n.d.). Github PowerShellEmpire. Retrieved April 28, 2016.
  82. Ladley, F. (2012, May 15). Backdoor.Briba. Retrieved February 21, 2018.
  83. Gardiner, J., Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016.
  84. Adair, S.. (2016, November 9). PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs. Retrieved January 11, 2017.
Навигация

Связанные риски

Ничего не найдено

Каталоги

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.