T1001.002: Steganography

View on MITRE ATT&CK	T1001.002
Tactic(s)	Command and Control
Associated CAPEC Patterns	Hiding Malicious Data or Code within Files (CAPEC-636)

Data from MITRE ATT&CK®:

Adversaries may use steganographic techniques to hide command and control traffic to make detection efforts more difficult. Steganographic techniques can be used to hide data in digital messages that are transferred between systems. This hidden information can be used for command and control of compromised systems. In some cases, the passing of files embedded using steganography, such as image or document files, can be used for command and control.

Cyber Threat Graph Context

Explore how this ATT&CK Technique relates to the wider threat graph

Mitigations for this technique

MITRE ATT&CK Mitigations

Network Intrusion Prevention

Use intrusion detection signatures to block traffic at network boundaries.

How to detect this technique

MITRE ATT&CK Data Components

Network Traffic Content (Network Traffic)

Logged network traffic data showing both protocol header and body values (ex: PCAP)

Control Validation Tests for this Technique

Use Atomic Red Team tests to test your defenses against this technique.

SP800-53 Controls

See which controls can help protect against this MITRE ATT&CK technique. This is based on mappings to associated SP800-53 controls produced by the MITRE Engenuity Center for Threat-Informed Defense.

Node
SI-3: Malicious Code Protection
CM-2: Baseline Configuration
AC-4: Information Flow Enforcement
SI-4: System Monitoring
CM-6: Configuration Settings
CA-7: Continuous Monitoring
SC-7: Boundary Protection