#T1102 Web Service

Technique

  • Tactics: Command And Control
  • Description:

    Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites, cloud services, and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google, Microsoft, or Twitter, makes it easier for adversaries to hide in expected noise.(Citation: Broadcom BirdyClient Microsoft Graph API 2024) Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.

    Use of Web services may also protect back-end C2 infrastructure from discovery through malware binary analysis while also enabling operational resiliency (since this infrastructure may be dynamically changed).

  • First Seen: Lazarus Group • 2017-05-31
MITRE ATT&CK

Tagged Reports

2026-06-23
Sentinel One
#macOS #Telegram #T1059 #T1102 #T1555.001 #Gaslight
2026-06-14
Genians
#APT37 #NarwhalRAT #LNK #T1566.001 #T1059.001 #T1053.005 #T1027 #T1056.001 #T1113 #T1102 #T1105 #T1025 #T1059.003 #T1071.001 #T1123 #T1204.002 #T1497 #T1497.001 #T1567.002
2026-06-14
Genians
#APT37 #LNK #T1566.001 #T1204.002 #T1059.001 #T1059.003 #T1027 #T1105 #T1053.005 #T1056.001 #T1113 #T1123 #T1025 #T1071.001 #T1102 #T1567.002 #T1497 #T1497.001 #NarwhalRAT
2026-06-12
Safe Dep
#PolinRider #SupplyChain #GitHub #T1195 #T1195.002 #T1059.007 #T1027 #T1102 #T1105
2026-06-09
ESTSecurity
#Kimsuky #Phishing #LNK #T1566.001 #T1204.002 #T1059.001 #T1053.005 #T1547.001 #T1102 #T1071.001 #T1027 #T1140 #T1497
2026-05-28
Safe Dep
#FamousChollima #NPM #T1195 #T1195.002 #T1102 #T1102.002 #T1567 #T1567.002 #T1056 #T1056.001 #T1113 #T1005 #T1552 #T1552.004 #T1059 #T1059.001 #T1059.003 #T1547 #T1547.001 #T1053 #T1053.005 #T1543 #T1543.001 #T1543.004 #HuggingFace #T1119
2026-04-08
Phatom Candle
#EtherRAT #T1566 #T1102 #T1027 #T1547.001 #T1059 #T1001.003 #T1140
2026-04-03
ESTSecurity
#Kimsuky #LNK #Phishing #T1059.001 #T1053.005 #T1027 #T1070.004 #T1102 #T1567.002
2025-11-07
ENKI
#Comebacker #Lazarus #T1059.003 #T1204.005 #T1566.001 #T1620 #T1583.001 #T1059.001 #T1027.015 #T1132.001 #T1027.013 #T1059.005 #T1547.000 #T1204.002 #T1573.001 #T1218.011 #T1547.001 #T1102 #T1071.001 #T1140
2025-08-25
MITRE
#AppleJeus #G1049 #T1573 #T1203 #T1543 #T1027 #T1102 #T1071 #T1574 #T1566 #T1620 #T1553 #T1218 #T1546 #T1078 #T1559 #T1678 #T1195 #T1055 #T1189 #T1657 #T1217
2025-06-03
ENKI
#ITWorker #T1222.001 #T1059.003 #T1059.007 #T1027.010 #T1041 #T1657 #T1573.001 #T1571 #T1102 #T1055.009 #T1071.001 #T1140 #T1565.001 #T1132
2025-03-19
RODNSC
#AsyncRAT #Konni #LNK #T1102 #T1620
2025-03-12
ENKI
#AsyncRAT #Konni #LNK #T1070 #T1059.003 #T1059.007 #T1027.010 #T1620 #T1053.005 #T1059.001 #T1027.013 #T1204.002 #T1567.002 #T1547.001 #T1102 #T1132
2025-02-13
Securonix
#Kimsuky #LNK #DeepDrive #T1059.003 #T1566.001 #T1027.010 #T1036 #T1059.001 #T1053.005 #T1036.007 #T1027 #T1204.002 #T1567.002 #T1620 #T1102 #T1071.001 #T1140 #T1132
2024-03-18
Securonix
#Kimsuky #LNK #DeepGosu #T1047 #T1573 #T1059.005 #T1027 #T1102 #T1057 #T1082 #T1567.002 #T1140 #T1070.004 #T1204.001 #T1041 #T1132.001 #T1219 #T1204.002 #T1115 #T1027.010 #T1083 #T1059.001 #T1053 #T1056.001 #T1059
« Back