Standard Cryptographic Protocol

Description

Adversaries may explicitly employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if necessary secret keys are encoded and/or generated within malware samples/configuration files.

id

T1032

tactic

command-and-control

datasources

Process monitoring
SSL/TLS inspection
Netflow/Enclave netflow
Process use of network
Packet capture
Malware reverse engineering

maturity

Not Tracked

Assignee

Unassigned