T1132 Data Encoding Mappings

Adversaries may encode data to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a standard data encoding system. Use of data encoding may adhere to existing protocol specifications and includes use of ASCII, Unicode, Base64, MIME, or other binary-to-text and character encoding systems.(Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding) Some data encoding systems may also result in data compression, such as gzip.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-04 Information Flow Enforcement Protects T1132 Data Encoding
CA-07 Continuous Monitoring Protects T1132 Data Encoding
CM-02 Baseline Configuration Protects T1132 Data Encoding
CM-06 Configuration Settings Protects T1132 Data Encoding
SC-07 Boundary Protection Protects T1132 Data Encoding
SI-03 Malicious Code Protection Protects T1132 Data Encoding
SI-04 System Monitoring Protects T1132 Data Encoding

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1132.001 Standard Encoding 7
T1132.002 Non-Standard Encoding 7