
T1001.001 Junk Data

Sub-technique of T1001

Platforms: Linux · macOS · Windows

ATT&CK version: 14.1

What it is

Adversaries may add junk data to protocols used for command and control to make detection more difficult. By adding random or meaningless data to the protocols used for command and control, adversaries can prevent trivial methods for decoding, deciphering, or otherwise analyzing the traffic. Examples may include appending/prepending data with junk characters or writing junk characters between significant characters.

ATT&CK tactics · 1

Command And Control

References

  1. https://attack.mitre.org/techniques/T1001/001
  2. https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf

Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.