T1573 · Technique · command-and-control · agent-callable

T1573: Encrypted Channel

Platforms: Linux · macOS · Windows

ATT&CK version: 14.1

What it is

Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.

ATT&CK tactics (1)

Command and Control

References

  1. https://attack.mitre.org/techniques/T1573
  2. http://www.sans.org/reading-room/whitepapers/analyst/finding-hidden-threats-decrypting-ssl-34840
  3. https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html
  4. https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf

Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.