|Enterprise||T1568||.002||Dynamic Resolution: Domain Generation Algorithms||
Ngrok can provide DGA for C2 servers through the use of random URL strings that change every 12 hours.
|Enterprise||T1567||Exfiltration Over Web Service||
Ngrok has been used by threat actors to configure servers for data exfiltration.
Ngrok can tunnel RDP and other services securely over internet connections.
Ngrok can be used to proxy connections to machines located behind NAT or firewalls.
Ngrok has been used by threat actors to proxy C2 connections to ngrok service subdomains.