Adversaries may encode data with a non-standard data encoding system to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a non-standard data encoding system that diverges from existing protocol specifications. Non-standard data encoding schemes may be based on or related to standard data encoding schemes, such as a modified Base64 encoding for the message body of an HTTP request.(Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding)
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CA-07 | Continuous Monitoring | mitigates | T1132.002 | Non-Standard Encoding | |
| CM-06 | Configuration Settings | mitigates | T1132.002 | Non-Standard Encoding | |
| SI-03 | Malicious Code Protection | mitigates | T1132.002 | Non-Standard Encoding | |
| CM-02 | Baseline Configuration | mitigates | T1132.002 | Non-Standard Encoding | |
| SI-04 | System Monitoring | mitigates | T1132.002 | Non-Standard Encoding | |
| AC-04 | Information Flow Enforcement | mitigates | T1132.002 | Non-Standard Encoding | |
| SC-07 | Boundary Protection | mitigates | T1132.002 | Non-Standard Encoding |
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| action.hacking.variety.Evade Defenses | Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. | related-to | T1132.002 | Non-Standard Encoding |