T1001.001 Junk Data Mappings

Adversaries may add junk data to protocols used for command and control to make detection more difficult. By adding random or meaningless data to the protocols used for command and control, adversaries can prevent trivial methods for decoding, deciphering, or otherwise analyzing the traffic. Examples may include appending/prepending data with junk characters or writing junk characters between significant characters.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-4 Information Flow Enforcement Protects T1001.001 Junk Data
CA-7 Continuous Monitoring Protects T1001.001 Junk Data
CM-2 Baseline Configuration Protects T1001.001 Junk Data
CM-6 Configuration Settings Protects T1001.001 Junk Data
SC-7 Boundary Protection Protects T1001.001 Junk Data
SI-3 Malicious Code Protection Protects T1001.001 Junk Data
SI-4 System Monitoring Protects T1001.001 Junk Data
action.malware.variety.C2 Command and control (C2) related-to T1001.001 Data Obfuscation: Junk Data
action.malware.variety.Unknown Unknown related-to T1001.001 Data Obfuscation: Junk Data