Common Information

Type | Value
---|---
Value | Data Encoding - T1132
Category | Attack-Pattern
Type | Mitre-Enterprise-Attack-Attack-Pattern
Misp Type | Cluster
Description | Command and control (C2) information is encoded using a standard data encoding system. Data encoding may be used to adhere to existing protocol specifications, and includes ASCII, Unicode, Base64, MIME, UTF-8 and other binary-to-text and character encoding systems. (Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding) Some data encoding systems may also result in data compression, such as gzip.
Detection | Analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server). Processes utilizing the network that do not normally have network communication, or have never been seen before, are suspicious. Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used. (Citation: University of Birmingham C2)
Platforms | Linux, macOS, Windows
Data Sources | Packet capture, Process use of network, Process Monitoring, Network protocol analysis
Permissions Required | User
Requires Network | Yes
Contributors | Itzik Kotler, SafeBreach
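The encode-then-detect loop the description and detection text describe, as an added example that is not MITRE's or MISP's code: a constructed beacon is serialized as JSON, gzip-compressed, Base64-encoded and carried in a cookie (the layering the technique text mentions), and the detection side pulls Base64-looking runs out of an HTTP request, decodes them, recognizes the gzip magic header and shows what the blob really carries; a second check flags flows where a client sends far more than it receives. The request text, host addresses and flow records are constructed samples, and the Base64 minimum length and the byte-ratio thresholds are assumptions to tune per environment.

```python
import base64
import binascii
import gzip
import json
import math
import re
from typing import Optional

# --- Encoding side (what T1132 describes) ----------------------------------
# Constructed beacon format for illustration; no real implant uses exactly this.
def encode_beacon(payload: dict) -> str:
    """JSON -> gzip -> Base64: encoding plus compression, as the technique text notes."""
    raw = json.dumps(payload, separators=(",", ":")).encode()
    return base64.b64encode(gzip.compress(raw, mtime=0)).decode()

# --- Detection side --------------------------------------------------------
# Candidate Base64 runs: 24+ alphabet characters plus optional '=' padding.
# The 24-character floor is an assumption; lower it and you get more noise.
BASE64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted blobs sit near the top of the scale."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(data.count(b) / n * math.log2(data.count(b) / n) for b in set(data))

def try_base64(token: str) -> Optional[bytes]:
    """Strict decode: a run of alphabet characters that is not valid Base64 is skipped."""
    try:
        return base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None

def classify(blob: bytes) -> str:
    if blob.startswith(b"\x1f\x8b"):   # gzip magic bytes
        return "gzip"
    if all(32 <= b < 127 or b in (9, 10, 13) for b in blob):
        return "text"
    return "binary"

def scan_request(request: str) -> list[dict]:
    """Find Base64 candidates in a request, decode them, and peel gzip where present."""
    findings = []
    for m in BASE64_RE.finditer(request):
        token = m.group(0)
        blob = try_base64(token)
        if blob is None:
            continue
        kind = classify(blob)
        inner = blob
        if kind == "gzip":
            try:
                inner = gzip.decompress(blob)
            except (OSError, EOFError):
                pass  # truncated or corrupt member; report the raw blob instead
        findings.append({
            "offset": m.start(),
            "token_len": len(token),
            "kind": kind,
            "entropy": round(shannon_entropy(blob), 2),
            "preview": inner[:48].decode("utf-8", "replace"),
        })
    return findings

def asymmetric_flows(flows: list[dict], ratio: float = 5.0, min_out: int = 4096) -> list[str]:
    """Clients that send far more than they receive (the 'uncommon data flow' check).
    ratio and min_out are assumed thresholds."""
    return [f["client"] for f in flows
            if f["bytes_out"] >= min_out and f["bytes_out"] > ratio * max(f["bytes_in"], 1)]

# --- Constructed samples ---------------------------------------------------
BEACON = encode_beacon({"host": "WS-0412", "user": "jdoe", "task": "idle"})

SUSPICIOUS_REQUEST = (
    "GET /c/ HTTP/1.1\r\n"
    "Host: 198.51.100.7\r\n"            # RFC 5737 documentation address
    "User-Agent: Mozilla/5.0\r\n"
    f"Cookie: session={BEACON}\r\n\r\n"  # encoded beacon hidden in a cookie
)

BENIGN_REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: intranet.example\r\n"
    "User-Agent: Mozilla/5.0\r\n\r\n"
)

FLOWS = [  # constructed per-client byte counters
    {"client": "10.0.0.5", "bytes_out": 120_000, "bytes_in": 3_000},  # upload-heavy
    {"client": "10.0.0.6", "bytes_out": 2_000, "bytes_in": 90_000},   # ordinary browsing
    {"client": "10.0.0.7", "bytes_out": 800, "bytes_in": 100},        # below min_out
]

if __name__ == "__main__":
    for finding in scan_request(SUSPICIOUS_REQUEST):
        print(finding)
    print("benign:", scan_request(BENIGN_REQUEST))
    print("asymmetric:", asymmetric_flows(FLOWS))
```

Two points worth keeping in mind when applying this: a Base64 cookie is valid HTTP on port 80 or 443, so the "does not follow the expected protocol behavior" check alone never fires on it, and you have to decode candidates and judge the content (here the gzip header and the decoded JSON give it away); and the byte-ratio check needs a floor on absolute volume, otherwise tiny flows such as the third sample flood the alert queue.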
Details | CTI | Published | Attributes | Title
---|---|---|---|---
Details | Website | 2024-05-30 | 18 | Decoding Water Sigbin's Latest Obfuscation Tricks
Details | Website | 2024-05-30 | 19 | Decoding Water Sigbin's Latest Obfuscation Tricks
Details | Website | 2024-05-22 | 48 | Invisible miners: unveiling GHOSTENGINE's crypto mining operations — Elastic Security Labs
Details | Website | 2024-05-16 | 23 | Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024
Details | Website | 2024-05-15 | 45 | To the Moon and back(doors): Lunar landing in diplomatic missions
Details | Website | 2024-04-17 | 90 | Malvertising campaign targeting IT teams with MadMxShell
Details | Website | 2024-04-11 | 94 | Cybercriminal Campaign Spreads Infostealers, Highlighting Risks to Web3 Gaming (Recorded Future)
Details | Website | 2024-04-11 | 24 | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
Details | Website | 2024-02-26 | 32 | Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections
Details | Website | 2023-12-06 | 198 | Russia/Ukraine Update - December 2023
Details | Website | 2023-10-24 | 95 | Attacks on the industrial and government sectors of the Russian Federation (original title: Атаки на индустриальный и государственный секторы РФ)
Details | Website | 2023-10-24 | 36 | Dealing with MITRE ATT&CK®'s different levels of detail
Details | Website | 2023-10-23 | 273 | Red Team Tools
Details | Website | 2023-10-20 | 59 | Akira Stealer: An Undetected Python Based Info-stealer (CYFIRMA)
Details | Website | 2023-10-16 | 106 | ClearFake: a newcomer to the "fake updates" threats landscape
Details | Website | 2023-10-05 | 6 | APT Profile: Dark Pink APT Group
Details | Website | 2023-10-04 | 33 | RMS Tool's Sneaky Comeback: Phishing Campaign Mirroring Banned Applications
Details | Website | 2023-10-03 | 23 | Statc Stealer: Decoding the Elusive Malware Threat
Details | Website | 2023-10-03 | 161 | JanelaRAT: Repurposed BX Rat Variant Targeting LATAM FinTech
Details | Website | 2023-09-26 | 34 | Analyzing Lu0Bot: A Node.js Malware with Vast Capabilities
Details | Website | 2023-09-21 | 21 | Multiple Command and Control (C2) Frameworks During Red Team Engagements
Details | Website | 2023-09-15 | 25 | Bumblebee Loader Resurfaces in New Campaign
Details | Website | 2023-09-14 | 35 | Operation Rusty Flag – A Malicious Campaign Against Azerbaijanian Targets (Deep Instinct)
Details | Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023