T1132.002: Non-Standard Encoding

View on MITRE ATT&CK T1132.002
Tactic(s) Command and Control

Data from MITRE ATT&CK®:

Adversaries may encode data with a non-standard data encoding system to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a non-standard data encoding system that diverges from existing protocol specifications. Non-standard data encoding schemes may be based on or related to standard data encoding schemes, such as a modified Base64 encoding for the message body of an HTTP request.(Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding)

© 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Cyber Threat Graph Context

Explore how this ATT&CK Technique relates to the wider threat graph

Reporting on this Technique

Report

Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear

This blog post from researchers at Trend Micro discusses the cyberespionage group Earth Hundun and its malware, Waterbear and Deuterbear, which ...

View Source
Report

Detailed Analysis of DarkGate

This post on Medium by S2W presents a technical analysis of DarkGate malware and the operator behind it. According to the report, DarkGate is a ...

View Source

Mitigations for this technique

MITRE ATT&CK Mitigations

How to detect this technique

MITRE ATT&CK Data Components

SP800-53 Controls

See which controls can help protect against this MITRE ATT&CK technique. This is based on mappings to associated SP800-53 controls produced by the MITRE Engenuity Center for Threat-Informed Defense.

Node
CM-6: Configuration Settings
SI-3: Malicious Code Protection
CA-7: Continuous Monitoring
AC-4: Information Flow Enforcement
SI-4: System Monitoring
SC-7: Boundary Protection
CM-2: Baseline Configuration