Adversaries may employ a known symmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Symmetric encryption algorithms use the same key for plaintext encryption and ciphertext decryption. Common symmetric encryption algorithms include AES, DES, 3DES, Blowfish, and RC4.
View in MITRE ATT&CK®Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
AC-4 | Information Flow Enforcement | Protects | T1573.001 | Symmetric Cryptography | |
CA-7 | Continuous Monitoring | Protects | T1573.001 | Symmetric Cryptography | |
CM-2 | Baseline Configuration | Protects | T1573.001 | Symmetric Cryptography | |
CM-6 | Configuration Settings | Protects | T1573.001 | Symmetric Cryptography | |
CM-7 | Least Functionality | Protects | T1573.001 | Symmetric Cryptography | |
SC-12 | Cryptographic Key Establishment and Management | Protects | T1573.001 | Symmetric Cryptography | |
SC-16 | Transmission of Security and Privacy Attributes | Protects | T1573.001 | Symmetric Cryptography | |
SC-23 | Session Authenticity | Protects | T1573.001 | Symmetric Cryptography | |
SC-7 | Boundary Protection | Protects | T1573.001 | Symmetric Cryptography | |
SI-3 | Malicious Code Protection | Protects | T1573.001 | Symmetric Cryptography | |
SI-4 | System Monitoring | Protects | T1573.001 | Symmetric Cryptography |
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
action.hacking.variety.Use of backdoor or C2 | Use of Backdoor or C2 channel | related-to | T1573.001 | Encrypted Channels: Symmetric Cryptography | |
action.malware.variety.C2 | Command and control (C2) | related-to | T1573.001 | Encrypted Channels: Symmetric Cryptography |