Common Information
Value: Data Encoding - T1132
Category: Attack-Pattern
Type: Mitre-Enterprise-Attack-Attack-Pattern
Misp Type: Cluster
Description: Command and control (C2) information is encoded using a standard data encoding system. Use of data encoding may be to adhere to existing protocol specifications and includes use of ASCII, Unicode, Base64, MIME, UTF-8, or other binary-to-text and character encoding systems. (Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding) Some data encoding systems may also result in data compression, such as gzip.
Detection: Analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server). Processes utilizing the network that do not normally have network communication or have never been seen before are suspicious. Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used. (Citation: University of Birmingham C2)
Platforms: Linux, macOS, Windows
Data Sources: Packet capture, Process use of network, Process Monitoring, Network protocol analysis
Permissions Required: User
Requires Network: Yes
Contributors: Itzik Kotler, SafeBreach
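The two detection heuristics from the description (a client sending far more than it receives, and payloads that do not follow the protocol expected on the port) plus a check for long Base64-looking tokens inside an expected plaintext protocol, as an added Python example; this is not code from the MITRE or MISP record. The `Flow` record shape, the port-to-prefix table and the thresholds are assumptions, and the sample flows are constructed.

```python
import base64
import math
import re
from collections import Counter
from dataclasses import dataclass

@dataclass
class Flow:
    src: str            # client address
    dport: int          # server port
    client_bytes: int   # bytes sent client -> server over the connection
    server_bytes: int   # bytes sent server -> client
    payload: bytes      # leading bytes of the client -> server stream

# Ports on which a plaintext request line is expected (assumed table for this example).
EXPECTED_PREFIXES = {80: (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ")}
B64_TOKEN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")

def shannon_entropy(data: bytes) -> float:
    """Bits per symbol of a byte string (0 for a repeated character, up to 6 for Base64)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def suspicious(flow: Flow, upload_ratio: float = 5.0) -> list[str]:
    """Names of the heuristics from the description that fire for one flow."""
    reasons = []
    # 1. Uncommon data flow: the client sends far more than it receives.
    if flow.client_bytes / max(flow.server_bytes, 1) >= upload_ratio:
        reasons.append("client_to_server_ratio")
    expected = EXPECTED_PREFIXES.get(flow.dport)
    # 2. Payload does not follow the protocol expected on this port.
    if expected and not flow.payload.startswith(expected):
        reasons.append("unexpected_protocol_for_port")
    # 3. A long, non-trivial Base64-looking token inside a plaintext protocol; tune per environment.
    m = B64_TOKEN.search(flow.payload)
    if expected and m and shannon_entropy(m.group(0)) > 3.5:
        reasons.append("base64_blob_in_plaintext_protocol")
    return reasons

def triage(flows: list[Flow]) -> dict[str, list[str]]:
    # Map each flagged client to the heuristics that fired; clean flows are omitted.
    return {f.src: r for f in flows if (r := suspicious(f))}

# Constructed sample flows, not real captures; the POST body is the Base64 of a fixed 60-byte blob.
ENCODED_BLOB = base64.b64encode(bytes(range(60)))
SAMPLE_FLOWS = [
    Flow("10.0.0.5", 80, 600, 45_000, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Flow("10.0.0.7", 80, 480_000, 2_000, b"POST /upload HTTP/1.1\r\nHost: cdn.example.net\r\n\r\n" + ENCODED_BLOB),
    Flow("10.0.0.9", 80, 900, 3_000, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
]
```

Running `triage(SAMPLE_FLOWS)` flags the second flow on both the volume ratio and the Base64 body, and the third (a TLS record on port 80) only on the protocol mismatch.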
Details Published Attributes CTI Title
Details Website 2024-11-08 35 Life on a crooked RedLine: Analyzing the infamous infostealer’s backend
Details Website 2024-11-07 33 Malicious Inauthentic Falcon Crash Reporter Installer Delivers Malware Named Ciro
Details Website 2024-11-07 14 AQUATIC PANDA in Possession of Log4Shell Exploit Tools | CrowdStrike
Details Website 2024-10-24 28 Networking Concepts (tryhackme)
Details Website 2024-10-23 26 Networking Concepts | Cyber Security 101 (THM)
Details Website 2024-10-21 21 Attackers Target Exposed Docker Remote API Servers With perfctl Malware
Details Website 2024-10-17 100 Flying in the clouds: APT31 renews its attacks on Russian companies through cloud storage
Details Website 2024-10-16 10 From QR to compromise: The growing “quishing” threat
Details Website 2024-10-13 0 Understanding the OSI Model: A Comprehensive Guide
Details Website 2024-10-11 71 Weekly Intelligence Report - 11 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-10-07 141 Mind the (air) gap: GoldenJackal gooses government guardrails
Details Website 2024-10-02 57 Separating the bee from the panda: CeranaKeeper making a beeline for Thailand
Details Website 2024-09-27 0 OSI Layers and Common Attacks on Each Layer
Details Website 2024-09-27 123 Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse — Elastic Security Labs
Details Website 2024-09-13 35 Stealthy Fileless Attack Targets Attendees Of Upcoming US-Taiwan Defense Industry Event
Details Website 2024-09-08 114 In-Depth Analysis of an Attack Campaign Targeting Chinese Users (judged to be a captured HVV sample; red teams, come claim it) | CTF导航
Details Website 2024-09-05 4 Gigamon Best Practices for Event Logging and Threat Detection - Gigamon Blog
Details Website 2024-08-30 97 From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users
Details Website 2024-07-30 33 Malicious Inauthentic Falcon Crash Reporter Installer Delivers Malware Named Ciro
Details Website 2024-06-20 114 In-Depth Analysis of an Attack Campaign Targeting Chinese Users (judged to be a captured HVV sample; red teams, come claim it)
Details Website 2024-06-18 53 ONNX Store: Phishing-as-a-Service Platform Targeting Financial Institution
Details Website 2024-06-13 18 What’s in a Name? Writing custom DNS tunnelling protocol, exploiting unexpected AWS Lambda misconfiguration – in a web app Pen test (Part 2) | JUMPSEC LABS
Details Website 2024-06-06 9 Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers