Adversaries may encode data to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a standard data encoding system. Use of data encoding may adhere to existing protocol specifications and includes use of ASCII, Unicode, Base64, MIME, or other binary-to-text and character encoding systems.(Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding) Some data encoding systems may also result in data compression, such as gzip.
View in MITRE ATT&CK®Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
AC-4 | Information Flow Enforcement | Protects | T1132 | Data Encoding |
CA-7 | Continuous Monitoring | Protects | T1132 | Data Encoding |
CM-2 | Baseline Configuration | Protects | T1132 | Data Encoding |
CM-6 | Configuration Settings | Protects | T1132 | Data Encoding |
SC-7 | Boundary Protection | Protects | T1132 | Data Encoding |
SI-3 | Malicious Code Protection | Protects | T1132 | Data Encoding |
SI-4 | System Monitoring | Protects | T1132 | Data Encoding |
action.hacking.variety.Use of backdoor or C2 | Use of Backdoor or C2 channel | related-to | T1132 | Data Encoding |
action.hacking.vector.Backdoor or C2 | Backdoor or command and control channel | related-to | T1132 | Data Encoding |
action.malware.variety.C2 | Command and control (C2) | related-to | T1132 | Data Encoding |
Technique ID | Technique Name | Number of Mappings |
---|---|---|
T1132.002 | Non-Standard Encoding | 8 |
T1132.001 | Standard Encoding | 8 |