T1571 - DPRK Threat Intelligence

#T1571 Non-Standard Port

Technique

Tactics: Command And Control
Description:
Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088(Citation: Symantec Elfin Mar 2019) or port 587(Citation: Fortinet Agent Tesla April 2018) as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.

Adversaries may also make changes to victim systems to abuse non-standard ports. For example, Registry keys and other configuration settings can be used to modify protocol and port pairings.(Citation: change_rdp_port_conti)
First Seen: Lazarus Group • 2017-05-31

MITRE ATT&CK

18

Tagged Reports
14

Unique Authors
3,212

Active Days

Tagged Reports

2026-03-16

Break Glass Intelligence

Lazarus Group is Using the Solana Blockchain as a Dead-Drop C2 Channel -- and Nobody Noticed for 4 Months

#TraderTraitor #T1059.007 #T1082 #T1036 #T1041 #T1008 #T1027 #T1070.009 #T1622 #T1573.001 #T1571 #T1497.003 #T1102.001 #T1583.003 #T1195.001

2025-11-26

Socket

Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks

#ContagiousInterview #NPM #OtterCookie #T1204.005 #T1036 #T1555.001 #T1587 #T1583.006 #T1082 #T1119 #T1585 #T1547.001 #T1005 #T1059.007 #T1587.001 #T1539 #T1041 #T1113 #T1656 #T1608.001 #T1204.002 #T1571 #T1105 #T1195.002 #T1115 #T1083 #T1583.001 #T1497 #T1546.016 #T1555.003 #T1056.001 #T1657 #T1217

2025-10-19

MITRE

Contagious Interview

#ContagiousInterview #G1052 #T1562 #T1589 #T1593 #T1573 #T1608 #T1036 #T1587 #T1543 #T1027 #T1048 #T1567 #T1071 #T1082 #T1566 #T1090 #T1585 #T1480 #T1546 #T1583 #T1041 #T1219 #T1555 #T1656 #T1681 #T1571 #T1588 #T1547 #T1070 #T1083 #T1497 #T1059 #T1204 #T1657

2025-08-13

Cyfirma

APT PROFILE – LAZARUS GROUP

#Lazarus #T1090.001 #T1134.002 #T1562.001 #T1543.003 #T1059.003 #T1553.002 #T1614.001 #T1074.001 #T1485 #T1591 #T1218.011 #T1620 #T1078 #T1587.001 #T1027.007 #T1010 #T1571 #T1090.002 #T1218.010 #T1542.003 #T1583.001 #T1033 #T1497.001 #T1560.002 #T1203 #T1036 #T1012 #T1016 #T1059.005 #T1106 #T1027 #T1566.003 #T1027.002 #T1562.004 #T1529 #T1049 #T1140 #T1585.001 #T1005 #T1053.005 #T1564.001 #T1608.001 #T1105 #T1046 #T1491.001 #T1055.001 #T1070 #T1589.002 #T1036.005 #T1110 #T1547.009 #T1489 #T1110.003 #T1534 #T1047 #T1573 #T1588.004 #T1104 #T1036.003 #T1591.004 #T1001.003 #T1057 #T1082 #T1561.002 #T1566.001 #T1574.013 #T1561.001 #T1608.002 #T1585.002 #T1218 #T1588.002 #T1036.004 #T1204.001 #T1041 #T1560 #T1202 #T1071.001 #T1218.005 #T1059.001 #T1593.001 #T1189 #T1124 #T1056.001 #T1070.006 #T1008 #T1102.002 #T1048.003 #T1583.006 #T1221 #T1557.001 #T1098 #T1547.001 #T1567.002 #T1584.004 #T1087.002 #T1070.004 #T1560.003 #T1070.003 #T1583.004 #T1132.001 #T1588.003 #T1021.002 #T1204.002 #T1220 #T1574.002 #T1083 #T1566.002 #T1021.001 #T1021.004 #T1584.001

2025-07-26

Bloo

InvisibleFerret Threat Intelligence Report

#ContagiousInterview #InvisibleFerret #T1562.001 #T1016 #T1027 #T1566.003 #T1560.001 #T1543.003 #T1082 #T1059.003 #T1567.002 #T1041 #T1219 #T1578 #T1204.002 #T1571 #T1071.001 #T1195.002 #T1115 #T1083 #T1555.003 #T1056.001

2025-06-03

ENKI

구직자로 위장한 공격자의 Github 악용 악성코드 유포 사례 분석

#ITWorker #T1222.001 #T1059.003 #T1059.007 #T1027.010 #T1041 #T1657 #T1573.001 #T1571 #T1102 #T1055.009 #T1071.001 #T1140 #T1565.001 #T1132

2025-06-03

Any Run

OtterCookie: Analysis of New Lazarus Group Malware

#Lazarus #OtterCookie #T1071 #T1003 #T1571 #T1082

2025-02-20

ESET

DeceptiveDevelopment targets freelance developers

#BeaverTail #DeceptiveDevelopment #InvisibleFerret #T1025 #T1567.004 #T1555.001 #T1027.013 #T1016 #T1071.002 #T1566.003 #T1564.003 #T1552.001 #T1583.003 #T1082 #T1614 #T1119 #T1059.003 #T1074.001 #T1140 #T1030 #T1585.001 #T1005 #T1059.007 #T1587.001 #T1041 #T1564.001 #T1010 #T1219 #T1608.001 #T1204.002 #T1571 #T1071.001 #T1059.006 #T1115 #T1083 #T1124 #T1555.003 #T1056.001 #T1133 #T1021.001 #T1095 #T1560.002 #T1657 #T1217

2025-01-21

Any Run

InvisibleFerret Malware: Technical Analysis

#InvisibleFerret #BeaverTail #T1016 #T1571

2024-08-22

S2W

Threat Tracking: Analysis of puNK-003’s Lilith RAT ported to AutoIt Script

#LINKON #AutoIt #puNK-003 #CURKON #LNK #LilithRAT #puNK-002 #puNK-001 #T1518.001 #T1059.003 #T1027.010 #T1053.005 #T1059.001 #T1564.001 #T1539 #T1041 #T1555.003 #T1204.002 #T1564.003 #T1571 #T1547.001 #T1105

2024-07-19

Cyfirma

APT Quarterly Highlights : Q2 2024

#Trend #Andariel #Kimsuky #MoonstoneSleet #Lazarus #T1562.001 #T1190 #T1068 #T1543.003 #T1056 #T1595.002 #T1059.003 #T1566 #T1485 #T1218.011 #T1069.002 #T1010 #T1571 #T1102.001 #T1583.001 #T1555.003 #T1033 #T1497.001 #T1203 #T1036 #T1012 #T1027 #T1583.003 #T1071 #T1562.004 #T1614 #T1027.005 #T1548 #T1552 #T1140 #T1005 #T1053.005 #T1564.001 #T1555 #T1129 #T1070.001 #T1046 #T1070 #T1095 #T1569.002 #T1562 #T1573 #T1047 #T1552.001 #T1057 #T1082 #T1518.001 #T1176 #T1090 #T1518 #T1539 #T1041 #T1564 #T1560 #T1202 #T1071.001 #T1547 #T1112 #T1497 #T1059.001 #T1124 #T1056.001 #T1222 #T1070.006 #T1059 #T1564.003 #T1222.001 #T1056.004 #T1547.001 #T1584 #T1087.002 #T1070.004 #T1505.003 #T1113 #T1608.005 #T1204.002 #T1087 #T1574.002 #T1115 #T1083 #T1490 #T1053 #T1486 #T1566.002 #T1133 #T1021.004 #T1003

2023-09-27

Ptsecurity

Dark River. You can't see them, but they're there

#MataDoor #DarkRiver #CVE-2021-40444 #T1090.001 #T1016 #T1106 #T1018 #T1622 #T1543.003 #T1027.002 #T1071 #T1057 #T1082 #T1572.001 #T1059.003 #T1566.001 #T1074.001 #T1572 #T1218.011 #T1620 #T1135 #T1049 #T1140 #T1030 #T1005 #T1036.004 #T1041 #T1129 #T1572.002 #T1571 #T1090.002 #T1046 #T1218.010 #T1132 #T1112 #T1083 #T1124 #T1033 #T1095 #T1560.002 #T1090.003 #T1008

2023-07-28

Securonix

Detecting Ongoing STARK#MULE Attack Campaign Targeting Victims Using US Military Document Lures

#StarkMule #T1566.001 #T1566 #T1053.005 #T1059.001 #T1204.002 #T1573.001 #T1571 #T1567 #T1105 #T1584.004

2022-08-24

Iron Net

Defending in a hostile environment: Key findings from the BlackHat NOC

#Kimsuky #SHARPEXT #T1046 #T1566 #T1090 #T1571 #T1095 #T1568 #T1071 #T1132

2021-12-02

SOCRadar

APT Profile: Who is Lazarus Group?

#Lazarus #T1090.001 #T1134.002 #T0865 #T1562.001 #T1543.003 #T1059.003 #T1074.001 #T1553.002 #T1485 #T1614.001 #T1591 #T1218.011 #T1620 #T1078 #T1587.001 #T1027.007 #T1010 #T1571 #T1090.002 #T1542.003 #T1583.001 #T1033 #T1497.001 #T1560.002 #T1203 #T1036 #T1012 #T1016 #T1059.005 #T1106 #T1027 #T1566.003 #T1027.002 #T1562.004 #T1529 #T1049 #T1140 #T1585.001 #T1005 #T1053.005 #T1564.001 #T1608.001 #T1105 #T1046 #T1491.001 #T1055.001 #T1070 #T1589.002 #T1036.005 #T1110 #T1547.009 #T1489 #T1110.003 #T1534 #T1047 #T1588.004 #T1104 #T1036.003 #T1591.004 #T1001.003 #T1057 #T1082 #T1561.002 #T1566.001 #T1561.001 #T1574.013 #T1573.001 #T1608.002 #T1585.002 #T1218 #T1588.002 #T1036.004 #T1204.001 #T1041 #T1560 #T1202 #T1071.001 #T1218.005 #T1059.001 #T1593.001 #T1189 #T1124 #T1056.001 #T1070.006 #T1008 #T1102.002 #T1048.003 #T1583.006 #T1221 #T1557.001 #T1098 #T1547.001 #T1567.002 #T1584.004 #T1087.002 #T1070.004 #T1560.003 #T1070.003 #T1583.004 #T1132.001 #T1588.003 #T1021.002 #T1204.002 #T1220 #T1574.002 #T1083 #T1566.002 #T1021.001 #T1021.004 #T1584.001

« Back