T1571
Non-Standard Port
Description
Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088 (Citation: Symantec Elfin Mar 2019) or port 587 (Citation: Fortinet Agent Tesla April 2018) as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Adversaries may also make changes to victim systems to abuse non-standard ports. For example, Registry keys and other configuration settings can be used to modify protocol and port pairings. (Citation: change_rdp_port_conti)
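A detection-side illustration of the pairing described above, added here as an example and not taken from MITRE ATT&CK: it identifies the protocol from the first bytes a client sends and flags flows where that protocol does not belong on the destination port. The port allowlist, the flow tuple layout and the sample flows (documentation addresses, port 3390) are constructed assumptions.

```python
# Added example. The port allowlist and sample flows are constructed assumptions.
EXPECTED_PORTS = {
    "tls": {443},
    "http": {80},
    "ssh": {22},
    "rdp": {3389},
    "smtp": {25, 587},   # 587 normally starts in cleartext SMTP (STARTTLS later)
}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")

def classify(payload: bytes) -> str:
    """Identify the protocol from the first bytes the client sends."""
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"    # TLS handshake record header
    if payload.startswith(b"SSH-"):
        return "ssh"    # SSH identification string
    if payload.startswith(HTTP_METHODS):
        return "http"
    if len(payload) >= 6 and payload[:2] == b"\x03\x00" and payload[5] == 0xE0:
        return "rdp"    # TPKT header followed by X.224 Connection Request
    if payload[:5].upper() in (b"EHLO ", b"HELO "):
        return "smtp"
    return "unknown"

def find_mismatches(flows):
    """Return (dst, port, protocol) for flows whose protocol is not expected on the port."""
    hits = []
    for dst, port, payload in flows:
        proto = classify(payload)
        if proto != "unknown" and port not in EXPECTED_PORTS[proto]:
            hits.append((dst, port, proto))
    return hits

TLS_HELLO = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"   # constructed record prefix
RDP_CR = b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00"      # constructed TPKT/X.224 prefix
SAMPLE_FLOWS = [                                              # constructed flows
    ("198.51.100.5", 443, TLS_HELLO),
    ("198.51.100.5", 8088, TLS_HELLO),
    ("198.51.100.7", 587, TLS_HELLO),
    ("198.51.100.7", 587, b"EHLO mail.example\r\n"),
    ("198.51.100.9", 3389, RDP_CR),
    ("198.51.100.9", 3390, RDP_CR),
    ("198.51.100.3", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("198.51.100.3", 9000, b"\x00\x01\x02\x03"),
]

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_FLOWS):
        print("protocol/port mismatch: %s:%d carries %s" % hit)
```

Unrecognized payloads are left unflagged here; in practice the allowlist has to be tuned to the services an environment legitimately runs on alternate ports.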
Platforms
Mitigations
- M1030 — Network Segmentation
- M1031 — Network Intrusion Prevention
Our coverage
- OceanLotus Suspected of Using PyPI to Deliver ZiChatBot Malware via Zulip C2
- PRC State-Sponsored Telecom Router Compromise Detection: CISA AA25-239a Breakdown
- TryHackMe Walkthrough: Firewalls
Source: MITRE ATT&CK Enterprise matrix.