Adversaries may add junk data to protocols used for command and control to make detection more difficult. By adding random or meaningless data to the protocols used for command and control, adversaries can prevent trivial methods for decoding, deciphering, or otherwise analyzing the traffic. Examples may include appending/prepending data with junk characters or writing junk characters between significant characters.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-4 | Information Flow Enforcement | Protects | T1001.001 | Junk Data |
| CA-7 | Continuous Monitoring | Protects | T1001.001 | Junk Data |
| CM-2 | Baseline Configuration | Protects | T1001.001 | Junk Data |
| CM-6 | Configuration Settings | Protects | T1001.001 | Junk Data |
| SC-7 | Boundary Protection | Protects | T1001.001 | Junk Data |
| SI-3 | Malicious Code Protection | Protects | T1001.001 | Junk Data |
| SI-4 | System Monitoring | Protects | T1001.001 | Junk Data |
| action.malware.variety.C2 | Command and control (C2) | related-to | T1001.001 | Data Obfuscation: Junk Data |
| action.malware.variety.Unknown | Unknown | related-to | T1001.001 | Data Obfuscation: Junk Data |