Uncommonly Used Port
Adversaries may use non-standard ports to exfiltrate information.
|S0539||Red Alert 2.0|
Application vetting reports may show network communications performed by the application, including hosts, ports, protocols, and URLs.
Detection would most likely be at the enterprise level, through packet and/or netflow inspection. Many properly configured firewalls may also naturally block command and control traffic over non-standard ports.
- A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020.
- Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.
- K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.
- A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020.
- R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.
- J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.