Translators: Lin Miaoqian, Dai Yilun. Original translation; please obtain the translators' consent before reproducing it.
Data source: ATT&CK Matrices
Original: https://attack.mitre.org/techniques/T1481
Glossary: /attack/glossary
Adversaries may use an existing, legitimate external Web service as a means for relaying commands to a compromised system. These commands may also include pointers to command and control (C2) infrastructure. Adversaries may post content, known as a dead drop resolver, on Web services with embedded (and often obfuscated/encoded) domains or IP addresses. Once infected, victims will reach out to and be redirected by these resolvers.
Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Use of Web services may also protect back-end C2 infrastructure from discovery through malware binary analysis while also enabling operational resiliency (since this infrastructure may be dynamically changed).
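Because the services involved are ones hosts legitimately talk to, blocking them is rarely an option; what a defender can look for is the machine-like regularity with which an implant polls a single resource on such a service. The following is an added example (not code from the MITRE page or from any of the malware it lists) that scans constructed proxy-log lines for a client that fetches the same host and path at near-constant intervals. The log format, the client addresses, the host name `blog.example` and the thresholds are all assumptions made for this illustration.

```python
"""Heuristic detection of periodic polling of a web-service resource.

Added example for ATT&CK T1481 (not the page's own code). Input is a
constructed proxy log with one request per line:
    <ISO-8601 timestamp> <client address> <host> <path>
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: 10.0.0.5 browses a social-media site normally, while
# 10.0.0.7 fetches one blog resource every ten minutes (+/- 1 s).
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.5 twitter.com /home
2024-03-01T09:03:12 10.0.0.5 twitter.com /explore
2024-03-01T09:10:00 10.0.0.7 blog.example /notes/2a7f
2024-03-01T09:15:00 10.0.0.5 twitter.com /home
2024-03-01T09:20:00 10.0.0.7 blog.example /notes/2a7f
2024-03-01T09:30:01 10.0.0.7 blog.example /notes/2a7f
2024-03-01T09:40:00 10.0.0.7 blog.example /notes/2a7f
2024-03-01T09:49:59 10.0.0.7 blog.example /notes/2a7f
2024-03-01T10:00:00 10.0.0.7 blog.example /notes/2a7f
2024-03-01T11:02:30 10.0.0.5 twitter.com /messages
"""


def parse_log(text):
    """Parse log lines into (timestamp, client, host, path) tuples.

    Malformed lines are skipped rather than raising, so one bad line in a
    large log does not abort the whole scan.
    """
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        records.append((ts, parts[1], parts[2], parts[3]))
    return records


def find_periodic_pollers(records, min_requests=5, max_cv=0.10):
    """Return {(client, host, path): mean_interval_seconds} for series whose
    inter-request gaps are nearly constant.

    A series is flagged when it has at least `min_requests` requests and the
    coefficient of variation (stdev / mean) of its gaps is at most `max_cv`.
    Human browsing produces irregular gaps; a polling implant does not.
    """
    series = defaultdict(list)
    for ts, client, host, path in records:
        series[(client, host, path)].append(ts)

    flagged = {}
    for key, stamps in series.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        if pstdev(gaps) / avg <= max_cv:
            flagged[key] = avg
    return flagged


if __name__ == "__main__":
    for (client, host, path), interval in find_periodic_pollers(
        parse_log(SAMPLE_LOG)
    ).items():
        print(f"{client} polls {host}{path} every ~{interval:.0f}s")
```

Run against the constructed sample, only the `10.0.0.7` series to `blog.example/notes/2a7f` is reported, with a mean interval of 600 seconds; the social-media traffic from `10.0.0.5` is too sparse and irregular to trigger. In practice the path is only visible where the proxy terminates TLS; without that, the same heuristic can be applied to the host or SNI alone, at the cost of more noise from ordinary use of the service. Implants that add jitter to their polling interval will need a looser `max_cv` or a different feature, such as request size, to stand out.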
ID: T1481
Tactic Type: Post-Adversary Device Access
Tactic: Command and Control
Platforms: Android, iOS
| Name | Description |
|---|---|
| ANDROIDOS_ANSERVER.A (S0310) | ANDROIDOS_ANSERVER.A (S0310) uses encrypted content within a blog site for part of its command and control. Specifically, the encrypted content contains URLs for other servers to be used for other aspects of command and control. |
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.