T1132 Data Encoding Mappings

Adversaries may encode data to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a standard data encoding system. Use of data encoding may adhere to existing protocol specifications and includes use of ASCII, Unicode, Base64, MIME, or other binary-to-text and character encoding systems. (Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding) Some data encoding systems may also result in data compression, such as gzip.

Mappings

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name
AC-4 | Information Flow Enforcement | Protects | T1132 | Data Encoding
CA-7 | Continuous Monitoring | Protects | T1132 | Data Encoding
CM-2 | Baseline Configuration | Protects | T1132 | Data Encoding
CM-6 | Configuration Settings | Protects | T1132 | Data Encoding
SC-7 | Boundary Protection | Protects | T1132 | Data Encoding
SI-3 | Malicious Code Protection | Protects | T1132 | Data Encoding
SI-4 | System Monitoring | Protects | T1132 | Data Encoding
action.hacking.variety.Use of backdoor or C2 | Use of Backdoor or C2 channel | related-to | T1132 | Data Encoding
action.hacking.vector.Backdoor or C2 | Backdoor or command and control channel | related-to | T1132 | Data Encoding
action.malware.variety.C2 | Command and control (C2) | related-to | T1132 | Data Encoding

ATT&CK Subtechniques

Technique ID | Technique Name | Number of Mappings
T1132.002 | Non-Standard Encoding | 8
T1132.001 | Standard Encoding | 8