Port redirector

Redirecting a communication request from one address and port number combination to another. May be set up to obfuscate the final location of communications that will occur in later stages of an attack. [1]

ID: T1363
Sub-techniques:  No sub-techniques
Tactic: Stage Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Infrastructure is (typically) outside of control/visibility of defender and as such as tools are staged for specific campaigns, it will not be observable to those being attacked.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Adversary has control of the infrastructure and will likely be able to add/remove tools to infrastructure, whether acquired via hacking or standard computer acquisition (e.g., [https://aws.amazon.com AWS], VPS providers).


  1. JOE STEWART. (2011, August 3). HTran and the Advanced Persistent Threat. Retrieved March 28, 2017.