T1436 Commonly Used Port

Adversaries may communicate over a commonly used port to bypass firewalls or network detection systems and to blend with normal network activity to avoid more detailed inspection.

They may use commonly open ports such as:

  • TCP:80 (HTTP)
  • TCP:443 (HTTPS)
  • TCP:25 (SMTP)
  • TCP/UDP:53 (DNS)

They may use the protocol associated with the port or a completely different protocol.
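The second case, a different protocol carried over a well-known port, can be detected by comparing a flow's first client payload with what the port normally carries. The sketch below is an added example, not part of the original entry; the function names, the heuristics and the sample flows are assumptions constructed for illustration.

```python
import re
import struct

# Heuristic first-payload checks (client side) for the ports listed above; not full parsers.
HTTP_RE = re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|PATCH|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n")
SMTP_RE = re.compile(rb"^(EHLO|HELO) \S+\r\n", re.I)

def is_tls_client_hello(p: bytes) -> bool:
    # TLS record header: type 0x16 (handshake), version 0x03xx, length; then handshake type 0x01.
    return len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[2] <= 0x04 and p[5] == 0x01

def is_dns_query(p: bytes) -> bool:
    # 12-byte DNS header: id, flags, qdcount, ancount, nscount, arcount.
    if len(p) < 12:
        return False
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", p[:12])
    return (flags >> 15) == 0 and ((flags >> 11) & 0xF) == 0 and qd == 1 and an == 0

def is_dns_query_tcp(p: bytes) -> bool:
    # DNS over TCP prefixes each message with a 2-byte length.
    return len(p) >= 2 and struct.unpack("!H", p[:2])[0] == len(p) - 2 and is_dns_query(p[2:])

EXPECTED = {
    ("tcp", 80): ("HTTP", lambda p: bool(HTTP_RE.match(p))),
    ("tcp", 443): ("TLS", is_tls_client_hello),
    ("tcp", 25): ("SMTP", lambda p: bool(SMTP_RE.match(p))),
    ("udp", 53): ("DNS", is_dns_query),
    ("tcp", 53): ("DNS", is_dns_query_tcp),
}

def check_flow(transport: str, port: int, payload: bytes) -> str:
    # Returns 'ok', 'mismatch' or 'unmonitored' for a flow's first client payload.
    rule = EXPECTED.get((transport, port))
    if rule is None:
        return "unmonitored"
    return "ok" if rule[1](payload) else "mismatch"

# Constructed sample flows: (flow id, transport, destination port, first client payload).
DNS_Q = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x07example\x04test\x00\x00\x01\x00\x01"
SAMPLE_FLOWS = [
    ("f1", "tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("f2", "tcp", 443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    ("f3", "tcp", 443, b"GET /status HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("f4", "udp", 53, DNS_Q),
    ("f5", "udp", 53, b"\x00\x00\x00\x00custom-binary-frame"),
    ("f6", "tcp", 25, b"EHLO mail.example.test\r\n"),
]

def find_mismatches(flows):
    return [fid for fid, t, port, data in flows if check_flow(t, port, data) == "mismatch"]
```

This check only flags the different-protocol case. Traffic that speaks the port's expected protocol passes it and has to be assessed with other signals such as destination reputation or per-app traffic baselines.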

| Item | Value |
|---|---|
| ID | T1436 |
| Tactics | TA0037, TA0036 |
| Platforms | Android, iOS |
| Version | 1.0 |
| Created | 25 October 2017 |
| Last Modified | 19 June 2019 |

Procedure Examples

| ID | Name | Description |
|---|---|---|
| S0182 | FinFisher | FinFisher exfiltrates data over commonly used ports, such as ports 21, 53, and 443.[1] |
| S0485 | Mandrake | Mandrake has communicated with the C2 server over TCP port 443.[2] |


