T1001: Data Obfuscation

View on MITRE ATT&CK	T1001
Tactic(s)	Command and Control

Data from MITRE ATT&CK®:

Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.

Cyber Threat Graph Context

Explore how this ATT&CK Technique relates to the wider threat graph

Reporting on this Technique

Report

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections

Blog post from researchers at Trend Micro discussing Earth Lusca and potential links to Chinese contractor I-Soon. Earth Lusca is a China-linked ...

View Source

Mitigations for this technique

MITRE ATT&CK Mitigations

Network Intrusion Prevention

Use intrusion detection signatures to block traffic at network boundaries.

How to detect this technique

MITRE ATT&CK Data Components

Network Traffic Content (Network Traffic)

Logged network traffic data showing both protocol header and body values (ex: PCAP)

SP800-53 Controls

See which controls can help protect against this MITRE ATT&CK technique. This is based on mappings to associated SP800-53 controls produced by the MITRE Engenuity Center for Threat-Informed Defense.

Node
CM-2: Baseline Configuration
CA-7: Continuous Monitoring
AC-4: Information Flow Enforcement
SI-3: Malicious Code Protection
SI-4: System Monitoring
CM-6: Configuration Settings
SC-7: Boundary Protection