T1071: Application Layer Protocol

Tactic: Command and Control

Adversaries may communicate using application layer protocols to avoid detection by blending in with existing traffic.

Real-World Example

APT groups commonly use HTTPS for C2 communications, which makes traffic analysis difficult because the encrypted C2 sessions blend in with legitimate web traffic.

Defense Strategies

  • SSL/TLS inspection
  • DNS monitoring
  • Network segmentation
  • Proxy authentication

Detection Methods

  • Analyze traffic patterns
  • Monitor for beaconing behavior
  • Track unusual protocol usage
  • Detect domain fronting
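One way to act on the "monitor for beaconing behavior" item above, as an added example that is not part of this page: score each source/destination pair in a proxy log by how regular its request intervals are, since a C2 implant polling on a fixed timer (even with small jitter) produces near-constant gaps that normal browsing does not. The log format, the thresholds and the c2.example / cdn.example hostnames are assumptions; the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: 10.0.0.5 polls c2.example (placeholder) every ~60s with
# a few seconds of jitter; 10.0.0.7 browses cdn.example at irregular gaps.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 c2.example 512
2024-05-01T10:00:03 10.0.0.7 cdn.example 8120
2024-05-01T10:01:01 10.0.0.5 c2.example 498
2024-05-01T10:01:59 10.0.0.5 c2.example 503
2024-05-01T10:02:20 10.0.0.7 cdn.example 20300
2024-05-01T10:03:02 10.0.0.5 c2.example 510
2024-05-01T10:03:58 10.0.0.5 c2.example 507
2024-05-01T10:04:40 10.0.0.7 cdn.example 910
2024-05-01T10:05:01 10.0.0.5 c2.example 501
2024-05-01T10:09:30 10.0.0.7 cdn.example 40000
"""

def parse_log(text):
    """Return {(src, dst): [timestamps]} from assumed 'ts src dst bytes' lines."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst, _size = line.split()
        sessions[(src, dst)].append(datetime.fromisoformat(ts))
    return sessions

def beacon_score(timestamps):
    """Coefficient of variation of inter-request gaps; low means regular."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 3 or mean(gaps) == 0:
        return None  # too few requests to judge periodicity
    return pstdev(gaps) / mean(gaps)

def find_beacons(text, min_requests=5, max_cv=0.15):
    """Flag (src, dst) pairs with enough requests and near-constant gaps."""
    flagged = []
    for pair, stamps in parse_log(text).items():
        if len(stamps) < min_requests:
            continue  # not enough samples to call it a beacon
        cv = beacon_score(stamps)
        if cv is not None and cv <= max_cv:
            flagged.append((pair, round(cv, 3)))
    return flagged

if __name__ == "__main__":
    for (src, dst), cv in find_beacons(SAMPLE_LOG):
        print(f"possible beacon {src} -> {dst} (gap CV={cv})")
```

Tune min_requests and max_cv against your own baseline; implants with large randomised jitter push the CV up, so pair this with volume and destination-reputation checks rather than relying on interval regularity alone.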
