| ID | Name |
|---|---|
| ATAGS-T1196.001 | Dead Drop Resolver |
| ATAGS-T1196.002 | Bidirectional Communication |
| ATAGS-T1196.003 | One-Way Communication |
Threat Actors may use an existing, legitimate external Web service to host information that points to additional command and control (C2) infrastructure. Threat Actors may post content, known as a dead drop resolver, on Web services with embedded (and often obfuscated/encoded) domains or IP addresses. Once infected, victims will reach out to and be redirected by these resolvers.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.