T1071.001 - Web Protocols - MITRE ATT&CK - Cyber Threat Intelligence

T1071.001 - Web Protocols

Sub-technique

Tattiche:
Command and Control

Piattaforme:
ESXi Linux macOS Network Devices +1

Rilevamento:
Not specified

Description:

Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.

Protocols such as HTTP/S(Citation: CrowdStrike Putter Panda) and WebSocket(Citation: Brazking-Websockets) that carry web traffic may be very common in environments. HTTP/S packets have many fields and headers in which data can be concealed. An adversary may abuse these protocols to communicate with systems under their control within a victim network while also mimicking normal, expected traffic.

Usato da Attori (20)

APT18
Nation-state

APT19
Nation-state

APT33
Nation-state

APT28
Nation-state

Turla
Nation-state

Lazarus Group
Nation-state

Stealth Falcon
Nation-state

OilRig
Nation-state

Gamaredon Group
Unknown

APT32
Nation-state

SilverTerrier
Unknown

FIN8
Unknown

Kimsuky
Nation-state

MuddyWater
Nation-state

Dark Caracal
Unknown

APT37
Nation-state

Orangeworm
Unknown

RANCOR
Nation-state

MUSTANG PANDA
Nation-state

TA505
Unknown

Malware (20)

TrickBot other BLINDINGCAN other Ninja other RCSession other Spark other QuietSieve other Amadey other NICECURL other Proxysvc other Torisma other NOKKI other Stuxnet other Get2 other POWRUNER other KOPILUWAK other COATHANGER other Smoke Loader other WindTail other reGeorg other Emissary other

Metadata

MITRE ID:	T1071.001
STIX ID:	attack-pattern--df8b2a25-8bdf-...
Piattaforme:	ESXi, Linux, macOS, Network Devices, Windows
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00