T1001.001: Junk Data

View on MITRE ATT&CK	T1001.001
Tactic(s)	Command and Control

Data from MITRE ATT&CK®:

Adversaries may add junk data to protocols used for command and control to make detection more difficult. By adding random or meaningless data to the protocols used for command and control, adversaries can prevent trivial methods for decoding, deciphering, or otherwise analyzing the traffic. Examples may include appending/prepending data with junk characters or writing junk characters between significant characters.

Cyber Threat Graph Context

Explore how this ATT&CK Technique relates to the wider threat graph

Reporting on this Technique

Report

KAPEKA A novel backdoor spotted in Eastern Europe

This report from researchers at WithSecure unveils a novel backdoor: 'Kapeka'. Kapeka has been used against victims in Eastern Europe ...

View Source

Mitigations for this technique

MITRE ATT&CK Mitigations

Network Intrusion Prevention

Use intrusion detection signatures to block traffic at network boundaries.

How to detect this technique

MITRE ATT&CK Data Components

Network Traffic Content (Network Traffic)

Logged network traffic data showing both protocol header and body values (ex: PCAP)

SP800-53 Controls

See which controls can help protect against this MITRE ATT&CK technique. This is based on mappings to associated SP800-53 controls produced by the MITRE Engenuity Center for Threat-Informed Defense.

Node
SC-7: Boundary Protection
CA-7: Continuous Monitoring
CM-2: Baseline Configuration
SI-4: System Monitoring
CM-6: Configuration Settings
AC-4: Information Flow Enforcement
SI-3: Malicious Code Protection