- NETWIRE can implement use of proxies to pivot traffic.
- Netsh can be used to set up a proxy tunnel to allow remote host access to an infected host.
- Kessel can use a proxy during exfiltration if set in the configuration.
- HTRAN can proxy TCP socket connections to obfuscate command and control infrastructure.
- HOPLIGHT has multiple proxy options that mask traffic between the malware and the remote operators.
- HARDRAIN uses the command `cmd.exe /c netsh firewall add portopening TCP 443 "adp"` and makes the victim machine function as a proxy server.
- Fox Kitten has used open source reverse proxy tools, including FRPC and Go Proxy, to establish connections from C2 to local servers.
- Infected computers become part of a P2P botnet that can relay C2 traffic to other infected peers.
- Dridex contains a backconnect module for tunneling network traffic through a victim's computer.
- Blue Mockingbird has used frp, ssf, and Venom to establish SOCKS proxy connections.
- BADCALL functions as a proxy server between the victim and C2 server.
- AuditCred can utilize a proxy for communications.
- Aria-body has the ability to use a reverse SOCKS proxy module.
- APT41 used a tool called CLASSFON to covertly proxy network communications.