Trusted Design
This technique has been deprecated. Please use Create Account, Web Shell, and External Remote Services where appropriate.
Adversaries may use more than one remote access tool with varying command and control protocols or credentialed access to remote services so they can maintain access if an access mechanism is detected or mitigated.
If one type of tool is detected and blocked or removed as a response but the organization did not gain a full understanding of the adversary's tools and access, then the adversary will be able to retain access to the network. Adversaries may also attempt to gain access to Valid Accounts to use External Remote Services such as external VPNs as a way to maintain access despite interruptions to remote access tools deployed within a target network.(Citation: Mandiant APT1) Adversaries may also retain access through cloud-based infrastructure and applications.
Use of a Web Shell is one such way to maintain access to a network through an externally accessible Web server.
この攻撃手法を利用する脅威アクターは登録されていません。