Adversaries may use steganographic techniques to hide command and control traffic to make detection efforts more difficult. Steganographic techniques can be used to hide data in digital messages that are transferred between systems. This hidden information can be used for command and control of compromised systems. In some cases, the passing of files embedded using steganography, such as image or document files, can be used for command and control.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-4 | Information Flow Enforcement | Protects | T1001.002 | Steganography |
| CA-7 | Continuous Monitoring | Protects | T1001.002 | Steganography |
| CM-2 | Baseline Configuration | Protects | T1001.002 | Steganography |
| CM-6 | Configuration Settings | Protects | T1001.002 | Steganography |
| SC-7 | Boundary Protection | Protects | T1001.002 | Steganography |
| SI-3 | Malicious Code Protection | Protects | T1001.002 | Steganography |
| SI-4 | System Monitoring | Protects | T1001.002 | Steganography |
| action.malware.variety.Unknown | Unknown | related-to | T1001.002 | Data Obfuscation: Steganography |