Non-Standard Port (T1571)
Tactic: Command and Control · Platforms: ESXi, Linux, macOS, Windows
The interactive view maps 1 detection strategy, 2 mitigations, 17 threat groups, 41 software entries, 8 campaigns to this technique, alongside D3FEND countermeasures and data-component coverage.
Overview
Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088 or port 587 as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Adversaries may also make changes to victim systems to abuse non-standard ports. For example, Registry keys and other configuration settings can be used to modify protocol and port pairings.