1. Home
  2. ATT&CK Techniques
  3. T1132 Data Encoding

T1132 Data Encoding

Adversaries may encode data to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a standard data encoding system. Use of data encoding may adhere to existing protocol specifications and includes use of ASCII, Unicode, Base64, MIME, or other binary-to-text and character encoding systems.(Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding) Some data encoding systems may also result in data compression, such as gzip.

View in MITRE ATT&CK®

NIST 800-53 Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
AC-4 Information Flow Enforcement Protects T1132 Data Encoding
CA-7 Continuous Monitoring Protects T1132 Data Encoding
CM-2 Baseline Configuration Protects T1132 Data Encoding
CM-6 Configuration Settings Protects T1132 Data Encoding
SC-7 Boundary Protection Protects T1132 Data Encoding
SI-3 Malicious Code Protection Protects T1132 Data Encoding
SI-4 System Monitoring Protects T1132 Data Encoding

VERIS Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1132 Data Encoding
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1132 Data Encoding
action.malware.variety.C2 Command and control (C2) related-to T1132 Data Encoding

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1132.002 Non-Standard Encoding 8
T1132.001 Standard Encoding 8