#T1043 Commonly Used Port

Technique

  • Tactics: Command And Control
  • Description:

    **This technique has been deprecated. Please use [Non-Standard Port](https://attack.mitre.org/techniques/T1571) where appropriate.**

    Adversaries may communicate over a commonly used port to bypass firewalls or network detection systems and to blend with normal network activity to avoid more detailed inspection. They may use commonly open ports such as

    * TCP:80 (HTTP)
    * TCP:443 (HTTPS)
    * TCP:25 (SMTP)
    * TCP/UDP:53 (DNS)

    They may use the protocol associated with the port or a completely different protocol.

    For connections that occur internally within an enclave (such as those between a proxy or pivot node and other nodes), examples of common ports are

    * TCP/UDP:135 (RPC)
    * TCP/UDP:22 (SSH)
    * TCP/UDP:3389 (RDP)

  • First Seen: THE LAZARUS’ GAZE TO THE WORLD: WHAT IS BEHIND THE FIRST STONE ? • 2019-11-05
MITRE ATT&CK

Tagged Reports

2025-05-09
Wazuh
#InvisibleFerret #T1107 #T1044 #T1485 #T1043 #T1204.002
2021-11-04
NSHC
#T1036 #T1043 #T1106 #T1102 #T1071 #T1143 #T1082 #T1119 #T1221 #T1049 #T1193 #T1005 #T1041 #T1020 #T1105 #T1083 #T1064 #T1204 #T1059
2020-07-16
ESET
#Cryptocurrency #GMERA #T1159 #T1005 #T1139 #T1083 #T1518 #T1539 #T1497 #T1065 #T1113 #T1043 #T1040 #T1116 #T1048 #T1204 #T1059 #T1082
2020-02-25
Sentinel One
#HiddenCobra #T1012 #T1043 #T1016 #T1027 #T1050 #T1048 #T1065 #T1057 #T1056 #T1082 #T1024 #T1090 #T1005 #T1193 #T1041 #T1105 #T1132 #T1055 #T1060 #T1083 #T1064 #T1124 #T1033 #T1074 #T1204 #T1003
2019-11-05
Telsy
#Lazarus #T1060 #T1193 #T1023 #T1043 #T1002 #T1071 #T1132
« Back