Commonly Used Port
Adversaries may communicate over a commonly used port to bypass firewalls or network detection systems and to blend with normal network activity to avoid more detailed inspection.
They may use commonly open ports such as:
- TCP:80 (HTTP)
- TCP:443 (HTTPS)
- TCP:25 (SMTP)
- TCP/UDP:53 (DNS)
They may use the protocol associated with the port or a completely different protocol.
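The "completely different protocol" case can be checked from a defender's side by comparing the first client payload of a flow against the protocol expected on its port. The following is an added example, not part of the original technique page; the function names, the flow record fields and the sample flows are assumptions constructed for illustration.

```python
import struct

# Expected protocol for each port named in the technique description.
EXPECTED = {("tcp", 80): "http", ("tcp", 443): "tls", ("tcp", 25): "smtp",
            ("tcp", 53): "dns", ("udp", 53): "dns"}
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")

def looks_like_dns_query(msg: bytes) -> bool:
    """DNS header check: QR=0, standard opcode, 1-4 questions, no answers."""
    if len(msg) < 17:  # 12-byte header plus the shortest possible question
        return False
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    return (flags >> 15) == 0 and ((flags >> 11) & 0xF) == 0 and 1 <= qdcount <= 4 and ancount == 0

def classify(payload: bytes, transport: str) -> str:
    """Guess the protocol from a flow's first client payload (heuristic)."""
    if transport == "udp":
        return "dns" if looks_like_dns_query(payload) else "unknown"
    # TLS record header: handshake (0x16), version 3.x, then ClientHello (0x01).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 3 and payload[5] == 1:
        return "tls"
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in payload.split(b"\r\n", 1)[0]:
        return "http"
    if payload[:5].upper() in (b"EHLO ", b"HELO "):
        return "smtp"
    # DNS over TCP carries a 2-byte length prefix before the message.
    if len(payload) > 2 and struct.unpack("!H", payload[:2])[0] == len(payload) - 2:
        return "dns" if looks_like_dns_query(payload[2:]) else "unknown"
    return "unknown"

def mismatches(flows):
    """Return (src, dport, expected, seen) for flows that do not match their port."""
    hits = []
    for f in flows:
        expected = EXPECTED.get((f["transport"], f["dport"]))
        seen = classify(f["payload"], f["transport"])
        if expected and seen != expected:
            hits.append((f["src"], f["dport"], expected, seen))
    return hits

# Constructed sample flows (not real traffic); 192.0.2.0/24 is a documentation range.
DNS_Q = bytes.fromhex("1a2b01000001000000000000") + b"\x07example\x03com\x00\x00\x01\x00\x01"
FLOWS = [
    {"src": "192.0.2.10", "dport": 443, "transport": "tcp", "payload": bytes.fromhex("1603010200010001fc0303")},
    {"src": "192.0.2.12", "dport": 53, "transport": "udp", "payload": DNS_Q},
    {"src": "192.0.2.13", "dport": 443, "transport": "tcp", "payload": b"\x00\x00\x00\x2a\x9f\x11custom-binary"},
    {"src": "192.0.2.14", "dport": 53, "transport": "tcp", "payload": b"GET /x HTTP/1.1\r\n\r\n"},
]
if __name__ == "__main__":
    for hit in mismatches(FLOWS):
        print("protocol/port mismatch:", hit)
```

Traffic that uses the protocol associated with the port, such as a well-formed TLS session on TCP 443, passes this check, so it covers only the mismatch case.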
ID: T1436
Sub-techniques: No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactics: Command And Control, Exfiltration
Platforms: Android, iOS
Version: 1.0
Created: 25 October 2017
Last Modified: 19 June 2019
Procedure Examples
Name | Description |
---|---|
FinFisher | FinFisher exfiltrates data over commonly used ports, such as ports 21, 53, and 443.[1] |
Mandrake | Mandrake has communicated with the C2 server over TCP port 443.[2] |
Mitigations
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
References