Home/ MITRE Matrix/ Command and Control/ T1090.003

T1090.003Multi-hop Proxy

T1090.003 — Multi-hop Proxy is a MITRE ATT&CK technique in the Command and Control tactic. Clankerusecase tracks 10 detection use cases covering it and 5 threat-intel articles citing it.

Command and Control

View on the matrix → Filter Detection Library MITRE official spec ↗

10Use cases

5Articles

0Sub-techniques

1Tactic

↑ Parent technique: T1090 · Proxy

Use cases covering this technique (10)

1Password activity from Tor exit node Internal delivery · alerting DD Application user activity from Tor Internal delivery · alerting DD Google Workspace access from Tor exit node Internal delivery · alerting DD Windows TOR Client Execution ESCU actions · hunting P Cisco SA - Access to Anonymizer Services ESCU actions · hunting P TOR Traffic ESCU actions · alerting P [LLM] Atomic Arch: non-Tor-aware process connecting to local SOCKS proxy on 9050/9150 Bespoke c2 · hunting DSΣPDDCS [LLM] Atomic Arch — Tor client spawn or .onion endpoint contact from AUR-installing developer host Bespoke c2 · alerting DSΣPDDCS [LLM] Outbound Tor (9001/9030/9050) from network appliance / IoT subnet — JDY C2 beaconing Bespoke c2 · alerting DSΣPDDCS [LLM] Session/Oxen P2P exfil DNS or TCP to getsession.org from build/CI host Bespoke c2 · alerting DSΣPDD

Articles citing this technique (5)

high Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit art-17

high Over 400 Arch Linux packages compromised to push rootkit, infostealer art-25

crit China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance art-59

crit Webworm: New burrowing techniques art-240

crit TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack art-318