Hide Infrastructure (T1665)

Technique & Subtechniques

  • Hide Infrastructure

Associated Tactics

  • Command and Control

Command and Control (TA0011)

The adversary is trying to communicate with compromised systems to control them. Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.

Procedure Examples

Description Source(s)
Andrew Northern. (2022, November 22). SocGholish, a very real threat from a very fake update. Retrieved February 13, 2024. SocGholish-update
Axel F, Selena Larson. (2023, October 30). TA571 Delivers IcedID Forked Loader. Retrieved February 13, 2024. TA571
Bluescreenofjeff.com. (2015, April 12). Combatting Incident Responders with Apache mod_rewrite. Retrieved February 13, 2024. mod_rewrite
Dusty Miller. (2023, October 17). Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates. Retrieved February 13, 2024. Browser-updates
Microsoft Threat Intelligence. (2023, December 7). Star Blizzard increases sophistication and evasion in ongoing attacks. Retrieved February 13, 2024. StarBlizzard
Nathaniel Raymond. (2023, August 16). Major Energy Company Targeted in Large QR Code Phishing Campaign. Retrieved February 13, 2024. QR-cofense
Nick Simonian. (2023, May 22). Don't @ Me: URL Obfuscation Through Schema Abuse. Retrieved February 13, 2024. Schema-abuse
Orange Cyberdefense. (2024, March 14). Unveiling the depths of residential proxies providers. Retrieved April 11, 2024. Orange Residential Proxies
Spyboy. (2023). Facad1ng. Retrieved February 13, 2024. Facad1ng
Sysdig. (2023). Sysdig Global Cloud Threat Report. Retrieved March 1, 2024. sysdig