- Tactics
- Command and Control
- Platforms
- Linux, macOS, Windows, ESXi
- Reference
- attack.mitre.org/techniques/T1001.002
Description
Adversaries may use steganographic techniques to hide command and control traffic to make detection efforts more difficult. Steganographic techniques can be used to hide data in digital messages that are transferred between systems. This hidden information can be used for command and control of compromised systems. In some cases, the passing of files embedded using steganography, such as image or document files, can be used for command and control.
How GTK Cyber trains on this
GTK Cyber's hands-on training programs cover detection engineering across the MITRE ATT&CK framework, including the Command and Control tactic this technique falls under. Our practitioner-led courses focus on building real detections, not just memorizing technique IDs.
Related techniques
- T1001 — Data Obfuscation
- T1008 — Fallback Channels
- T1071 — Application Layer Protocol
- T1090 — Proxy
- T1092 — Communication Through Removable Media
- T1095 — Non-Application Layer Protocol
- T1102 — Web Service
- T1104 — Multi-Stage Channels
- T1105 — Ingress Tool Transfer
- T1132 — Data Encoding
- T1205 — Traffic Signaling
- T1219 — Remote Access Tools