Skip to content

T1437 Application Layer Protocol

Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the mobile device, and often the results of those commands, will be embedded within the protocol traffic between the mobile device and server.

Adversaries may utilize many different protocols, including those used for web browsing, transferring files, electronic mail, or DNS.

Item Value
ID T1437
Sub-techniques T1437.001
Tactics TA0037
Platforms Android, iOS
Version 1.2
Created 25 October 2017
Last Modified 19 April 2022

Procedure Examples

ID Name Description
S0550 DoubleAgent DoubleAgent has used both FTP and TCP sockets for data exfiltration.2
S1054 Drinik Drinik has code to use Firebase Cloud Messaging for receiving C2 instructions.1