T1573 Encrypted Channel Mappings

Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-4 Information Flow Enforcement Protects T1573 Encrypted Channel
CA-7 Continuous Monitoring Protects T1573 Encrypted Channel
CM-2 Baseline Configuration Protects T1573 Encrypted Channel
CM-6 Configuration Settings Protects T1573 Encrypted Channel
CM-7 Least Functionality Protects T1573 Encrypted Channel
SC-12 Cryptographic Key Establishment and Management Protects T1573 Encrypted Channel
SC-16 Transmission of Security and Privacy Attributes Protects T1573 Encrypted Channel
SC-23 Session Authenticity Protects T1573 Encrypted Channel
SC-7 Boundary Protection Protects T1573 Encrypted Channel
SI-3 Malicious Code Protection Protects T1573 Encrypted Channel
SI-4 System Monitoring Protects T1573 Encrypted Channel
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1573 Encrypted Channels
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1573 Encrypted Channels
action.malware.variety.C2 Command and control (C2) related-to T1573 Encrypted Channels

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1573.002 Asymmetric Cryptography 13
T1573.001 Symmetric Cryptography 13