Home
ATT&CK Techniques
T1132.002 Non-Standard Encoding

T1132.002 Non-Standard Encoding Mappings

Adversaries may encode data with a non-standard data encoding system to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a non-standard data encoding system that diverges from existing protocol specifications. Non-standard data encoding schemes may be based on or related to standard data encoding schemes, such as a modified Base64 encoding for the message body of an HTTP request.(Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding)

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
action.hacking.variety.Evade Defenses	Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.	related-to	T1132.002	Data Encoding: Non-Standard Encoding
action.malware.variety.Backdoor or C2	Malware creates a remote control capability, but it's unclear if it's a backdoor for hacking or C2 for malware. Parent of 'C2' and 'Backdoor'.	related-to	T1132.002	Data Encoding: Non-Standard Encoding
action.malware.variety.C2	Malware creates Command and Control capability for malware. Child of 'Backdoor or C2'.	related-to	T1132.002	Data Encoding: Non-Standard Encoding