DET0700 Detection of Bidirectional Communication

Technique Detected: T1481.002 (Bidirectional Communication)

Analytics

Android

AN1816

Application vetting services may provide a list of connections made or received by an application, or a list of domains contacted by the application. Many properly configured firewalls may naturally block bidirectional command and control traffic.

Log Sources

Mutable Elements

iOS

AN1817

Application vetting services may provide a list of connections made or received by an application, or a list of domains contacted by the application. Many properly configured firewalls may naturally block bidirectional command and control traffic.

Log Sources

Mutable Elements