Testing Usage of Uncommonly Used Port (adf876b3-f1f8-4aa9-a4e4-a64106feec06)
Adversaries may communicate using a protocol and port that are typically not associated with each other. For example, HTTPS over port 8088 (Citation: Symantec Elfin Mar 2019) or port 587 (Citation: Fortinet Agent Tesla April 2018) as opposed to the traditional port 443.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) | Attack Pattern | Testing Usage of Uncommonly Used Port (adf876b3-f1f8-4aa9-a4e4-a64106feec06) | Sigma-Rules | 1 |