Non-Standard Port (T1571)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Non-Standard Port

Associated Tactics

  • Command And Control

Command and Control (TA0011)

The adversary is trying to communicate with compromised systems to control them. Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.

View on ATT&CK

Procedure Examples

Description Source(s)
Gardiner, J., Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016. University of Birmingham C2
Security Response attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.. Retrieved April 10, 2019. Symantec Elfin Mar 2019
The DFIR Report. (2022, March 1). "Change RDP port" #ContiLeaks. Retrieved September 12, 2024. change_rdp_port_conti
Zhang, X. (2018, April 05). Analysis of New Agent Tesla Spyware Variant. Retrieved November 5, 2018. Fortinet Agent Tesla April 2018