adpare
49 lines
2.3 KiB
JSON
49 lines
2.3 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--fee531dd-01b1-4cd0-a750-2899d86a414c",
|
|
"spec_version": "2.0",
|
|
"objects": [
|
|
{
|
|
"modified": "2023-09-08T19:21:40.736Z",
|
|
"name": "Non-Standard Port",
|
|
"description": "Adversaries may generate network traffic using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088 or port 587 as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "mitre-mobile-attack",
|
|
"phase_name": "command-and-control"
|
|
}
|
|
],
|
|
"x_mitre_deprecated": false,
|
|
"x_mitre_detection": "Application vetting reports may show network communications performed by the application, including hosts, ports, protocols, and URLs. Further detection would most likely be at the enterprise level, through packet and/or netflow inspection. Many properly configured firewalls may also naturally block command and control traffic over non-standard ports.",
|
|
"x_mitre_domains": [
|
|
"mobile-attack"
|
|
],
|
|
"x_mitre_is_subtechnique": false,
|
|
"x_mitre_platforms": [
|
|
"Android",
|
|
"iOS"
|
|
],
|
|
"x_mitre_version": "2.1",
|
|
"x_mitre_tactic_type": [
|
|
"Post-Adversary Device Access"
|
|
],
|
|
"type": "attack-pattern",
|
|
"id": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
|
|
"created": "2019-08-01T13:44:09.368Z",
|
|
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"revoked": false,
|
|
"external_references": [
|
|
{
|
|
"source_name": "mitre-attack",
|
|
"url": "https://attack.mitre.org/techniques/T1509",
|
|
"external_id": "T1509"
|
|
}
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
|
|
],
|
|
"x_mitre_attack_spec_version": "3.1.0",
|
|
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
|
|
}
|
|
]
|
|
} |