T1571 - Non-Standard Port
Tattiche:
Command and Control
Command and Control
Piattaforme:
ESXi Linux macOS Windows
ESXi Linux macOS Windows
Rilevamento:
Not specified
Not specified
Description:
Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088(Citation: Symantec Elfin Mar 2019) or port 587(Citation: Fortinet Agent Tesla April 2018) as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Adversaries may also make changes to victim systems to abuse non-standard ports. For example, Registry keys and other configuration settings can be used to modify protocol and port pairings.(Citation: change_rdp_port_conti)
Adversaries may also make changes to victim systems to abuse non-standard ports. For example, Registry keys and other configuration settings can be used to modify protocol and port pairings.(Citation: change_rdp_port_conti)
Usato da Attori (16)
APT33
Nation-state
Nation-state
FIN7
Criminal
Criminal
Lazarus Group
Nation-state
Nation-state
Gamaredon Group
Unknown
Unknown
APT32
Nation-state
Nation-state
DarkVishnya
Unknown
Unknown
APT-C-36
Nation-state
Nation-state
Rocke
Unknown
Unknown
RedEcho
Unknown
Unknown
WIRTE
Unknown
Unknown
Velvet Ant
Unknown
Unknown
Sandworm Team
Unknown
Unknown
Ember Bear
Unknown
Unknown
Silence
Unknown
Unknown
Magic Hound
Unknown
Unknown
Contagious Interview
Unknown
Unknown
Malware (20)
TrickBot other
Pikabot other
RotaJakiro other
Sardonic other
RedLeaves other
GravityRAT other
InvisibleFerret other
Bankshot other
StrongPity other
Hannotog other
Emotet other
PingPull other
SUGARUSH other
HOPLIGHT other
Raspberry Robin other
BeaverTail other
PlugX other
TYPEFRAME other
VIRTUALPIE other
BendyBear other
Metadata
| MITRE ID: | T1571 |
| STIX ID: | attack-pattern--b18eae87-b469-... |
| Piattaforme: | ESXi, Linux, macOS, Windows |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |