Clankerusecase
MITRE ATT&CK detection coverage

T1571 Non-Standard Port

T1571 — Non-Standard Port is a MITRE ATT&CK technique in the Command and Control tactic. Clankerusecase tracks 8 detection use cases covering it and 4 threat-intel articles citing it.

Command and Control
8 Use cases
4 Articles
0 Sub-techniques
1 Tactic

Use cases covering this technique (8)

Ollama Abnormal Network Connectivity ESCU actions · hunting P
Cisco NVM - Outbound Connection to Suspicious Port ESCU actions · hunting P
Cisco Secure Firewall - Communication Over Suspicious Ports ESCU actions · hunting P
Cisco Secure Firewall - File Download Over Uncommon Port ESCU actions · hunting P
[LLM] Outbound Tor (9001/9030/9050) from network appliance / IoT subnet — JDY C2 beaconing Bespoke c2 · alerting DSΣPDDCS
[LLM] BEAM process outbound to new public destination or non-standard port (post-RCE C2) Bespoke c2 · hunting DSPDDCS
[LLM] Argamal RAT C2 Beacon — 186.158.223.35 / freeddns / kozow / ignorelist / UDP-57441 / TCP-3747 Bespoke c2 · alerting DSΣPDDCS
[LLM] BoltDB Go backdoor C2 callback to 49.12.198.231:20022 Bespoke c2 · hunting DSΣPDDCS

Articles citing this technique (4)