T1132.002SubTechniquecommand-and-controlagent-callable

T1132.002Non-Standard Encoding

Sub-technique of T1132

Platforms: Linux · macOS · Windows

ATT&CK version: 14.1

What it is

Adversaries may encode data with a non-standard data encoding system to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a non-standard data encoding system that diverges from existing protocol specifications. Non-standard data encoding schemes may be based on or related to standard data encoding schemes, such as a modified Base64 encoding for the message body of an HTTP request.(Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding)

ATT&CK tactics· 1

Command And Control

References

  1. https://attack.mitre.org/techniques/T1132/002
  2. https://en.wikipedia.org/wiki/Binary-to-text_encoding
  3. https://en.wikipedia.org/wiki/Character_encoding
  4. https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.