T1571 Non-Standard Port Mappings

Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088(Citation: Symantec Elfin Mar 2019) or port 587(Citation: Fortinet Agent Tesla April 2018) as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-4 Information Flow Enforcement Protects T1571 Non-Standard Port
CA-7 Continuous Monitoring Protects T1571 Non-Standard Port
CM-2 Baseline Configuration Protects T1571 Non-Standard Port
CM-6 Configuration Settings Protects T1571 Non-Standard Port
CM-7 Least Functionality Protects T1571 Non-Standard Port
SC-7 Boundary Protection Protects T1571 Non-Standard Port
SI-3 Malicious Code Protection Protects T1571 Non-Standard Port
SI-4 System Monitoring Protects T1571 Non-Standard Port