Skip to content

Hide Navigation Hide TOC

FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)

FRP, which stands for Fast Reverse Proxy, is an openly available tool that is capable of exposing a server located behind a firewall or Network Address Translation (NAT) to the Internet. FRP can support multiple protocols including TCP, UDP, and HTTP(S) and has been abused by threat actors to proxy command and control communications.(Citation: FRP GitHub)(Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023)(Citation: RedCanary Mockingbird May 2020)(Citation: DFIR Phosphorus November 2021)

Cluster A Galaxy A Cluster B Galaxy B Level
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 1
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 1
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 1
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 1
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 1
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 1
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 1
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 1
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 1
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 2