T0884: Connection Proxy
Essential information
- MITRE technique ID
T0884- Confidence
- 100/100
- Revoked
- No
- Published
- 21/05/2020 19:43
- Modified
- 27/03/2026 01:44
- Author / Source
- The MITRE Corporation
Description
Adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications.
The definition of a proxy can also be expanded to encompass trust relationships between networks in peer-to-peer, mesh, or trusted connections between networks consisting of hosts or systems that regularly communicate with each other.
The network may be within a single organization or across multiple organizations with trust relationships. Adversaries could use these types of relationships to manage command and control communications, to reduce the number of simultaneous outbound network connections, to provide resiliency in the face of connection loss, or to ride over existing trusted communications paths between victims to avoid suspicion. (Citation: Enterprise ATT&CK January 2018)
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-ics-attack | command-and-control |
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.