- Tactics
- Command and Control
- Platforms
- ESXi, Linux, macOS, Network Devices, Windows
- Reference
- attack.mitre.org/techniques/T1573
Description
Adversaries may employ an encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Sub-techniques
How GTK Cyber trains on this
GTK Cyber's Threat Hunting with Data Science course teaches you to build machine-learning detections for techniques like this across the MITRE ATT&CK framework, including the Command and Control tactic this technique falls under. Practitioner-led, focused on real detections, not memorizing technique IDs.
Related techniques
- T1001 — Data Obfuscation
- T1008 — Fallback Channels
- T1071 — Application Layer Protocol
- T1090 — Proxy
- T1092 — Communication Through Removable Media
- T1095 — Non-Application Layer Protocol
- T1102 — Web Service
- T1104 — Multi-Stage Channels
- T1105 — Ingress Tool Transfer
- T1132 — Data Encoding
- T1205 — Traffic Signaling
- T1219 — Remote Access Tools