← Back to Explore
T1205
Traffic Signaling
Adversaries may use traffic signaling to hide open ports or other malicious functionality used for persistence or command and control. Traffic signaling involves the use of a magic value or sequence that must be sent to a system to trigger a special response, such as opening a closed port or executing a malicious task. This may take the form of sending a series of packets with certain characteristics before a port will be opened that the adversary can use for command and control. Usually this se...
LinuxmacOSNetwork DevicesWindows
1
Detections
1
Sources
3
Threat Actors
BY SOURCE
1elastic
PROCEDURES (1)
Network Connection Monitoring1 detections
Auto-extracted: 1 detections for network connection monitoring