Adversaries may employ an encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CA-07 | Continuous Monitoring | mitigates | T1573 | Encrypted Channel | |
| CM-06 | Configuration Settings | mitigates | T1573 | Encrypted Channel | |
| SC-12 | Cryptographic Key Establishment and Management | mitigates | T1573 | Encrypted Channel | |
| SC-16 | Transmission of Security and Privacy Attributes | mitigates | T1573 | Encrypted Channel | |
| SC-23 | Session Authenticity | mitigates | T1573 | Encrypted Channel | |
| SI-03 | Malicious Code Protection | mitigates | T1573 | Encrypted Channel | |
| CM-02 | Baseline Configuration | mitigates | T1573 | Encrypted Channel | |
| CM-07 | Least Functionality | mitigates | T1573 | Encrypted Channel | |
| SI-04 | System Monitoring | mitigates | T1573 | Encrypted Channel | |
| AC-04 | Information Flow Enforcement | mitigates | T1573 | Encrypted Channel | |
| SC-07 | Boundary Protection | mitigates | T1573 | Encrypted Channel |
| Technique ID | Technique Name | Number of Mappings |
|---|---|---|
| T1573.001 | Symmetric Cryptography | 15 |
| T1573.002 | Asymmetric Cryptography | 14 |