Description
Adversaries may use fallback or alternate communication channels if the primary channel is compromised or inaccessible in order to maintain reliable command and control and to avoid data transfer thresholds.
Threat-Mapped Scoring
Threat Score:
0.0
Industry:
Threat Priority:
Unclassified
ATT&CK Kill Chain Metadata
- Tactics: command-and-control
- Platforms: Linux, Windows, macOS, ESXi
-
Detection Guidance:
Analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server). Processes utilizing the network that do not normally have network communication or have never been seen before are suspicious. Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used. (Citation: University of Birmingham C2)
Malware
- Anchor
- AppleSeed
- BISCUIT
- Bazar
- BlackEnergy
- Bumblebee
- CHOPSTICK
- Cardinal RAT
- CharmPower
- Crutch
- Derusbi
- DustySky
- Ebury
- Exaramel for Linux
- FatDuke
- Gelsemium
- HOPLIGHT
- InvisiMole
- JHUHUGIT
- Kazuar
- Kevin
- Kwampirs
- Linfo
- Machete
- MiniDuke
- Mis-Type
- NETEAGLE
- OilBooster
- PipeMon
- QUADAGENT
- QUIETEXIT
- RDAT
- RainyDay
- S-Type
- Shark
- ShimRat
- SideTwist
- SslMM
- Stuxnet
- TAINTEDSCRIBE
- TinyTurla
- TrickBot
- Uroburos
- Valak
- WinMM
- XTunnel