T1583.006SubTechniqueresource-developmentagent-callable

T1583.006Web Services

Sub-technique of T1583

Platforms: PRE

ATT&CK version: 14.1

What it is

Adversaries may register for web services that can be used during targeting. A variety of popular websites exist for adversaries to register for a web-based service that can be abused during later stages of the adversary lifecycle, such as during Command and Control ([Web Service](https://attack.mitre.org/techniques/T1102)), [Exfiltration Over Web Service](https://attack.mitre.org/techniques/T1567), or [Phishing](https://attack.mitre.org/techniques/T1566). Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. By utilizing a web service, adversaries can make it difficult to physically tie back operations to them.

ATT&CK tactics· 1

Resource Development

References

  1. https://attack.mitre.org/techniques/T1583/006
  2. https://threatconnect.com/blog/infrastructure-research-hunting/
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.