| ID | Name |
|---|---|
| ATAGS-T1193.001 | Internal Proxy |
| ATAGS-T1193.002 | External Proxy |
| ATAGS-T1193.003 | Multi-hop Proxy |
| ATAGS-T1193.004 | Domain Fronting |
Threat Actors may use an external proxy to act as an intermediary for network communications to a command and control server to avoid direct connections to their infrastructure. Many tools exist that enable traffic redirection through proxies or port redirection, including HTRAN, ZXProxy, and ZXPortMap. Threat Actors use these types of proxies to manage command and control communications, to provide resiliency in the face of connection loss, or to ride over existing trusted communications paths to avoid suspicion.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.