T1090.002
External Proxy
Adversaries may use an external proxy to act as an intermediary for network communications to a command and control server to avoid direct connections to their infrastructure. Many tools exist that enable traffic redirection through proxies or port redirection, including [HTRAN](https://attack.mitre.org/software/S0040), ZXProxy, and ZXPortMap. (Citation: Trend Micro APT Attack Tools) Adversaries use these types of proxies to manage command and control communications, to provide resiliency in the...
ESXi, Linux, Network Devices, Windows, macOS
6 Detections
3 Sources
11 Threat Actors
BY SOURCE
3 elastic, 2 sigma, 1 splunk_escu
PROCEDURES (4)
Command And Control: 2 detections
Auto-extracted: 2 detections for command and control
Exfiltrat: 2 detections
Auto-extracted: 2 detections for exfiltrat
Http: 1 detection
Auto-extracted: 1 detection for http
General Monitoring: 1 detection
Auto-extracted: 1 detection for general monitoring
DETECTIONS (6)
Cisco Secure Firewall - Connection to File Sharing Domain
splunk_escu
Connection to Commonly Abused Web Services
elastic, low
Curl SOCKS Proxy Activity from Unusual Parent
elastic, medium
Network Communication Initiated To Portmap.IO Domain
sigma, medium
Potential Protocol Tunneling via Cloudflared
elastic, medium
RDP over Reverse SSH Tunnel WFP
sigma, high