Adversaries may encode data with a standard data encoding system to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a standard data encoding system that adheres to existing protocol specifications. Common data encoding schemes include ASCII, Unicode, hexadecimal, Base64, and MIME.(Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding) Some data encoding systems may also result in data compression, such as gzip.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-4 | Information Flow Enforcement | Protects | T1132.001 | Standard Encoding |
| CA-7 | Continuous Monitoring | Protects | T1132.001 | Standard Encoding |
| CM-2 | Baseline Configuration | Protects | T1132.001 | Standard Encoding |
| CM-6 | Configuration Settings | Protects | T1132.001 | Standard Encoding |
| SC-7 | Boundary Protection | Protects | T1132.001 | Standard Encoding |
| SI-3 | Malicious Code Protection | Protects | T1132.001 | Standard Encoding |
| SI-4 | System Monitoring | Protects | T1132.001 | Standard Encoding |
| action.malware.variety.C2 | Command and control (C2) | related-to | T1132.001 | Data Encoding: Standard Encoding |