T1132 Data Encoding Mappings

Adversaries may encode data to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a standard data encoding system. Use of data encoding may adhere to existing protocol specifications and includes use of ASCII, Unicode, Base64, MIME, or other binary-to-text and character encoding systems.(Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding) Some data encoding systems may also result in data compression, such as gzip.

View in MITRE ATT&CK®

VERIS Mappings

GCP Mappings

Loading, please wait
Capability ID
Capability Description
Mapping Type
ATT&CK ID
ATT&CK Name
Notes
google_secops Google Security Operations technique_scores T1132 Data Encoding
Comments
Google Security Ops is able to trigger an alert based on known indicators used by the adversary, such as data encoding techniques. This technique was scored as minimal based on low or uncertain detection coverage factor. This technique was scored as minimal based on low or uncertain detection coverage factor. https://github.com/chronicle/detection-rules/blob/783e0e5947774785db1c55041b70176deeca6f46/soc_prime_rules/ioc_sigma/windows/powershell_encoded_command__sysmon.yaral https://github.com/chronicle/detection-rules/blob/783e0e5947774785db1c55041b70176deeca6f46/soc_prime_rules/threat_hunting/process_creation/emotet_process_creation.yaral https://github.com/chronicle/detection-rules/blob/783e0e5947774785db1c55041b70176deeca6f46/soc_prime_rules/threat_hunting/process_creation/suspicious_powershell_parameter_substring.yaral
References
Showing 1 to 1 of 1 rows

ATT&CK Subtechniques

Loading, please wait
Technique ID
Technique Name
Number of Mappings
T1132.001 Standard Encoding 4
T1132.002 Non-Standard Encoding 3
Showing 1 to 2 of 2 rows