T1132: Data Encoding

View on MITRE ATT&CK	T1132
Tactic(s)	Command and Control

Data from MITRE ATT&CK®:

Adversaries may encode data to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a standard data encoding system. Use of data encoding may adhere to existing protocol specifications and includes use of ASCII, Unicode, Base64, MIME, or other binary-to-text and character encoding systems.(Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding) Some data encoding systems may also result in data compression, such as gzip.

Cyber Threat Graph Context

Explore how this ATT&CK Technique relates to the wider threat graph

Reporting on this Technique

Report

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections

Blog post from researchers at Trend Micro discussing Earth Lusca and potential links to Chinese contractor I-Soon. Earth Lusca is a China-linked ...

View Source

Mitigations for this technique

MITRE ATT&CK Mitigations

Network Intrusion Prevention

Use intrusion detection signatures to block traffic at network boundaries.

How to detect this technique

MITRE ATT&CK Data Components

Network Traffic Content (Network Traffic)

Logged network traffic data showing both protocol header and body values (ex: PCAP)

SP800-53 Controls

See which controls can help protect against this MITRE ATT&CK technique. This is based on mappings to associated SP800-53 controls produced by the MITRE Engenuity Center for Threat-Informed Defense.

Node
AC-4: Information Flow Enforcement
CM-6: Configuration Settings
CA-7: Continuous Monitoring
SI-4: System Monitoring
SC-7: Boundary Protection
CM-2: Baseline Configuration
SI-3: Malicious Code Protection