Port 4444 - Metasploit (TCP/UDP)
Severity: Medium | Category: Legacy
T1571 - Non-Standard Port [Command and Control] Default Metasploit listener; Meterpreter reverse shells bind here
T1059 - Command and Scripting Interpreter [Execution] Meterpreter enables full system control, pivoting, exfiltration
Strong IOC Traffic on 4444 is strong indicator of compromise