EXPLORE
Sign In
← Back to Explore
T1090.001

Internal Proxy

Adversaries may use an internal proxy to direct command and control traffic between two or more systems in a compromised environment. Many tools exist that enable traffic redirection through proxies or port redirection, including [HTRAN](https://attack.mitre.org/software/S0040), ZXProxy, and ZXPortMap. (Citation: Trend Micro APT Attack Tools) Adversaries use internal proxies to manage command and control communications inside a compromised environment, to reduce the number of simultaneous outbou...

LinuxNetwork DevicesWindowsmacOSESXi
10
Detections
3
Sources
9
Threat Actors

BY SOURCE

6sigma2elastic2splunk_escu

PROCEDURES (9)

Cloud2 detections

Auto-extracted: 2 detections for cloud

Service1 detections

Auto-extracted: 1 detections for service

Process Creation Monitoring1 detections

Auto-extracted: 1 detections for process creation monitoring

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Tunnel1 detections

Auto-extracted: 1 detections for tunnel

Registry Monitoring1 detections

Auto-extracted: 1 detections for registry monitoring

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

Persist1 detections

Auto-extracted: 1 detections for persist

Service1 detections

Auto-extracted: 1 detections for service

THREAT ACTORS (9)

APT39FIN13HigaisaLazarus GroupLotus BlossomStriderTurlaVelvet AntVolt Typhoon

DETECTIONS (10)

Cloudflared Portable Execution
sigmamedium
Cloudflared Quick Tunnel Execution
sigmamedium
HackTool - SharpChisel Execution
sigmahigh
IPv4/IPv6 Forwarding Activity
elasticlow
Port Forwarding Rule Addition
elasticmedium
PUA - Chisel Tunneling Tool Execution
sigmahigh
RDP over Reverse SSH Tunnel WFP
sigmahigh
Renamed Cloudflared.EXE Execution
sigmahigh
Windows Proxy Via Netsh
splunk_escu
Windows Proxy Via Registry
splunk_escu