Question 1

What is T1001 — Data Obfuscation?

Accepted Answer

Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hi…

Question 2

What is the authoritative source for T1001?

Accepted Answer

Data Obfuscation (T1001) is catalogued in MITRE ATT&CK Enterprise and curated for EU compliance use cases by SQUR.

Question 3

Which ATT&CK tactics does T1001 belong to?

Accepted Answer

T1001 (Data Obfuscation) maps to the following MITRE ATT&CK tactic(s): command-and-control.

T1001Data Obfuscation

What it is

ATT&CK tactics· 1

References