V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
← Back to List
T1102Enterprise
Matrix: Enterprise
Status: Active
STIX: 19.0
Source ↗

Web Service

Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites, cloud services, and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google, Microsoft, or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection. Use of Web services may also protect back-end C2 infrastructure from discovery through malware binary analysis while also enabling operational resiliency (since this infrastructure may be dynamically changed).

Tactics

Command & Control

Sub-techniques

T1102.001
Dead Drop Resolver
T1102.002
Bidirectional Communication
T1102.003
One-Way Communication

Platforms

ESXiLinuxmacOSWindows

Mitigations

M1021
Restrict Web-Based Content
M1031
Network Intrusion Prevention
Open in catalog with ATT&CK filter →

Related CAPECs

Affected vulnerabilities (Inferred)

View on attack.mitre.org ↗
No matches — refine the filter to see a result.