T1573
Encrypted Channel
Command and Control
Description
Adversaries may employ an encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
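The second sentence of that description is the part a defender can act on: when the key that protects the channel lives in the sample itself, the algorithm's strength is irrelevant, because anyone holding the sample holds the key. The following is an added example, not code from MITRE or from this page, that walks through both sides of that situation with synthetic data. The implant-side config layout (magic, host, key), the C2 host `c2.example.invalid`, the key `s3cr3t-c2-k3y`, the beacon body and the padding bytes around the config are all constructed for the demonstration; RC4 is used only because it is short enough to implement inline, and the point is the key handling, not the cipher.

```python
"""
Added example (not from MITRE or the page): an encrypted C2 channel whose key is
embedded in the sample is recoverable by anyone who has the sample.

Everything here is constructed: the config layout, host, key, padding and beacon
body are synthetic. RC4 is used because it fits in a few lines; the lesson is
about key provenance, not the cipher.
"""
import struct

def rc4(key: bytes, data: bytes) -> bytes:
    # Standard RC4 (KSA + PRGA). RC4 is symmetric: one function encrypts and decrypts.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

# ---- Implant side (hypothetical config format) -------------------------------
CONFIG_MAGIC = b"CFG1"  # constructed marker; real families use their own

def build_config(c2_host: bytes, key: bytes) -> bytes:
    # Hypothetical layout: magic | u16 host_len | host | u8 key_len | key
    return (CONFIG_MAGIC
            + struct.pack("<H", len(c2_host)) + c2_host
            + struct.pack("<B", len(key)) + key)

def parse_config(blob: bytes):
    # The implant's own parser. An analyst rebuilds exactly this from the
    # disassembly, which is why an embedded key offers no real protection.
    idx = blob.find(CONFIG_MAGIC)
    if idx < 0:
        raise ValueError("config magic not found in blob")
    p = idx + len(CONFIG_MAGIC)
    (host_len,) = struct.unpack_from("<H", blob, p)
    p += 2
    host = blob[p:p + host_len]
    p += host_len
    (key_len,) = struct.unpack_from("<B", blob, p)
    p += 1
    key = blob[p:p + key_len]
    return host, key

def beacon(sample: bytes, plaintext: bytes) -> bytes:
    # The traffic key comes purely from the embedded config; no handshake,
    # no per-session secret, nothing the server contributes.
    _, key = parse_config(sample)
    return rc4(key, plaintext)

# ---- Analyst side -------------------------------------------------------------
def decrypt_capture(sample: bytes, captured: bytes) -> bytes:
    # Given the sample and a packet capture, the beacon decrypts offline without
    # ever contacting the C2 server.
    _, key = parse_config(sample)
    return rc4(key, captured)

# Constructed "sample": junk bytes around an embedded config blob.
SAMPLE = (b"\x90" * 16
          + build_config(b"c2.example.invalid", b"s3cr3t-c2-k3y")
          + b"\x00" * 8)

if __name__ == "__main__":
    msg = b'{"id":"host-01","task":"sysinfo"}'  # constructed beacon body
    wire = beacon(SAMPLE, msg)
    host, key = parse_config(SAMPLE)
    print("c2 host:", host.decode(), "key:", key)
    print("on the wire:", wire.hex())
    print("recovered:", decrypt_capture(SAMPLE, wire))
```

The defensive takeaway is that the "strong cipher" part of the description buys the adversary nothing once the sample is in hand: the same `parse_config` the implant runs is the analyst's key extractor, and every beacon encrypted under that key, past or future, decrypts offline. Contrast this with a channel that negotiates an ephemeral session key, where having the binary alone is not enough.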
Platforms
ESXi, Linux, macOS, Network Devices, Windows
Mitigations
- M1031 — Network Intrusion Prevention
- M1020 — SSL/TLS Inspection
Source: MITRE ATT&CK Enterprise matrix (attack.mitre.org).