Network Evasion
Technique Name | Technique IDs | Snippet(s) | Rule(s) | OS |
---|---|---|---|---
C2 via Social Networks | U0901 | | | |
Peer to peer C2 | U0902 | | | |
Tor Network C2 | U0903 | | | |
DNS Hijacking | U0904 E1643.m01 | | | |
DNS Tunneling | U0905 T1048.003 | | | |
Domain Generation Algorithm | U0906 B0031 | | | |
Fast Flux | U0907 | | | |
Domain Fronting | U0908 T1090.004 | | | |
Homograph Attack (Punycode) | U0909 | | | |
C2 via FTP(S) | U0910 | | | |
SMB / Named Pipes | U9011 | | | |
Network evasion techniques are methods that malware authors use to try to evade detection by security software and other defenses on a network. These techniques can be used to make malware more difficult to detect, analyze, and remove. Some common network evasion techniques include:
- Command and control: Malware authors can use command and control (C2) infrastructure to communicate with and control the malware. C2 infrastructure can be difficult to detect, as it can use various methods to communicate with the malware, including legitimate websites or encrypted communications.
- Network hiding: Malware authors can use various techniques to hide the malware on a network. This can include using hidden services, or using encryption to make the malware traffic difficult to detect.
- Network tunneling: Malware authors can use network tunneling techniques to send the malware through a network in a way that is difficult to detect. This can include using protocols like Secure Shell (SSH) or Virtual Private Network (VPN) tunnels to carry the malware traffic.
- Network spoofing: Malware authors can use network spoofing techniques to make it appear that the malware traffic is coming from a legitimate source. This can include techniques like IP spoofing or Domain Name System (DNS) spoofing to make the malware traffic appear legitimate.
Overall, network evasion techniques are used by malware authors to try to make it harder for security software and other defenses to detect and remove the malware on a network. It is important for organizations to have robust security measures in place to detect and protect against these types of threats.