Uncommonly Used Port
Adversaries may use non-standard ports to exfiltrate information.
Application vetting reports may show network communications performed by the application, including hosts, ports, protocols, and URLs.
Detection would most likely be at the enterprise level, through packet and/or netflow inspection. Many properly configured firewalls may also naturally block command and control traffic over non-standard ports.