EXPLORE
← Back to Explore
T1571

Non-Standard Port

Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088(Citation: Symantec Elfin Mar 2019) or port 587(Citation: Fortinet Agent Tesla April 2018) as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data. Adversaries may also make changes to victim systems to abuse non-standard ports. For example, Registry ke...

ESXiLinuxmacOSWindows
17
Detections
4
Sources
17
Threat Actors

BY SOURCE

7elastic5sigma4splunk_escu1crowdstrike_cql

PROCEDURES (12)

Network Connection Monitoring3 detections

Auto-extracted: 3 detections for network connection monitoring

C22 detections

Auto-extracted: 2 detections for c2

Unusual1 detections

Auto-extracted: 1 detections for unusual

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Command And Control1 detections

Auto-extracted: 1 detections for command and control

Command And Control1 detections

Auto-extracted: 1 detections for command and control

Process Creation Monitoring1 detections

Auto-extracted: 1 detections for process creation monitoring

Http1 detections

Auto-extracted: 1 detections for http

C21 detections

Auto-extracted: 1 detections for c2

Http1 detections

Auto-extracted: 1 detections for http

Http1 detections

Auto-extracted: 1 detections for http

DETECTIONS (17)