T1043 | lazarus.day

#T1043 Commonly Used Port

Technique

Tactics: Command And Control
Description:
This technique has been deprecated. Please use Non-Standard Port where appropriate.

Adversaries may communicate over a commonly used port to bypass firewalls or network detection systems and to blend with normal network activity to avoid more detailed inspection. They may use commonly open ports such as
- TCP:80 (HTTP)
- TCP:443 (HTTPS)
- TCP:25 (SMTP)
- TCP/UDP:53 (DNS)
They may use the protocol associated with the port or a completely different protocol.

For connections that occur internally within an enclave (such as those between a proxy or pivot node and other nodes), examples of common ports are
- TCP/UDP:135 (RPC)
- TCP/UDP:22 (SSH)
- TCP/UDP:3389 (RDP)
First Seen: THE LAZARUS’ GAZE TO THE WORLD: WHAT IS BEHIND THE FIRST STONE ? • 2019-11-05

MITRE ATT&CK

5

Tagged Reports
5

Unique Authors
2,013

Active Days

Tagged Reports

2025-05-09

Wazuh

Detecting and responding to InvisibleFerret with Wazuh

#InvisibleFerret #T1107 #T1044 #T1485 #T1043 #T1204.002

2021-11-04

NSHC

Threat Actor targeted attack against Finance and Investment industry

#T1036 #T1043 #T1106 #T1102 #T1071 #T1143 #T1082 #T1119 #T1221 #T1049 #T1193 #T1005 #T1041 #T1020 #T1105 #T1083 #T1064 #T1204 #T1059

2020-07-16

ESET

Mac cryptocurrency trading application rebranded, bundled with malware

#Cryptocurrency #GMERA #T1159 #T1005 #T1139 #T1083 #T1518 #T1539 #T1497 #T1065 #T1113 #T1043 #T1040 #T1116 #T1048 #T1204 #T1059 #T1082

2020-02-25

Sentinel One

DPRK Hidden Cobra Update: North Korean Malicious Cyber Activity

#HiddenCobra #T1012 #T1043 #T1016 #T1027 #T1050 #T1048 #T1065 #T1057 #T1056 #T1082 #T1024 #T1090 #T1005 #T1193 #T1041 #T1105 #T1132 #T1055 #T1060 #T1083 #T1064 #T1124 #T1033 #T1074 #T1204 #T1003

2019-11-05

Telsy

THE LAZARUS’ GAZE TO THE WORLD: WHAT IS BEHIND THE FIRST STONE ?

#Lazarus #T1060 #T1193 #T1023 #T1043 #T1002 #T1071 #T1132

« Back