DET0663 Detection of Exploitation of Remote Services

Item	Value
ID	DET0663
Version	1.0
Created	21 October 2025
Last Modified	21 October 2025

Technique Detected: T1428 (Exploitation of Remote Services)

Analytics

Android

AN1755

Network traffic analysis could reveal patterns of compromise if devices attempt to access unusual targets or resources. Application vetting may be able to identify applications that perform Discovery or utilize existing connectivity to remotely access hosts within an internal enterprise network.

Log Sources

Data Component	Name	Channel
Network Traffic Content (DC0085)	Network Traffic	None
Network Communication (DC0113)	Application Vetting	None

Mutable Elements

Field	Description

iOS

AN1756

Network traffic analysis could reveal patterns of compromise if devices attempt to access unusual targets or resources. Application vetting may be able to identify applications that perform Discovery or utilize existing connectivity to remotely access hosts within an internal enterprise network.

Log Sources

Data Component	Name	Channel
Network Traffic Content (DC0085)	Network Traffic	None
Network Communication (DC0113)	Application Vetting	None

Mutable Elements

Field	Description