216.73.216.6

T0869: Standard Application Layer Protocol

View on MITRE ATT&CK The MITRE Corporation · Published 21/05/2020 19:43 · Modified 27/03/2026 01:44

Essential information

MITRE technique ID
T0869
Confidence
100/100
Revoked
No
Published
21/05/2020 19:43
Modified
27/03/2026 01:44
Author / Source
The MITRE Corporation

Description

Adversaries may establish command and control capabilities over commonly used application layer protocols such as HTTP(S), OPC, RDP, telnet, DNP3, and modbus. These protocols may be used to disguise adversary actions as benign network traffic. Standard protocols may be seen on their associated port or in some cases over a non-standard port. Adversaries may use these protocols to reach out of the network for command and control, or in some cases to other infected devices within the network.

Kill chain phases

Kill chainPhase
mitre-ics-attack command-and-control

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.