TA0011 · ATT&CK 14.1

TA0011 Command and Control

Description

The adversary is trying to communicate with compromised systems to control them. Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.

Techniques in this tactic · 16

T1001 Data Obfuscation
T1008 Fallback Channels
T1071 Application Layer Protocol
T1090 Proxy
T1092 Communication Through Removable Media
T1095 Non-Application Layer Protocol
T1102 Web Service
T1104 Multi-Stage Channels
T1105 Ingress Tool Transfer
T1132 Data Encoding
T1205 Traffic Signaling
T1219 Remote Access Software
T1568 Dynamic Resolution
T1571 Non-Standard Port
T1572 Protocol Tunneling
T1573 Encrypted Channel

Sub-techniques in this tactic · 23

T1001.001, T1001.002, T1001.003, T1071.001, T1071.002, T1071.003, T1071.004, T1090.001, T1090.002, T1090.003, T1090.004, T1102.001, T1102.002, T1102.003, T1132.001, T1132.002, T1205.001, T1205.002, T1568.001, T1568.002, T1568.003, T1573.001, T1573.002

References

  1. https://attack.mitre.org/tactics/TA0011

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Tactic: Exfiltration
Sub-technique: Protocol Impersonation
Technique: Data Obfuscation
Tactic: Lateral Movement
Technique: Exfiltration Over C2 Channel
Tactic: Reconnaissance

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, Founder at SQUR.