T1573 Encrypted Channel Mappings

Adversaries may employ an encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.

View in MITRE ATT&CK®

NIST 800-53 Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CA-07 Continuous Monitoring mitigates T1573 Encrypted Channel
CM-06 Configuration Settings mitigates T1573 Encrypted Channel
SC-12 Cryptographic Key Establishment and Management mitigates T1573 Encrypted Channel
SC-16 Transmission of Security and Privacy Attributes mitigates T1573 Encrypted Channel
SC-23 Session Authenticity mitigates T1573 Encrypted Channel
SI-03 Malicious Code Protection mitigates T1573 Encrypted Channel
CM-02 Baseline Configuration mitigates T1573 Encrypted Channel
CM-07 Least Functionality mitigates T1573 Encrypted Channel
SI-04 System Monitoring mitigates T1573 Encrypted Channel
AC-04 Information Flow Enforcement mitigates T1573 Encrypted Channel
SC-07 Boundary Protection mitigates T1573 Encrypted Channel

VERIS Mappings

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1573.001 Symmetric Cryptography 15
T1573.002 Asymmetric Cryptography 14