Custom Cryptographic Protocol

Description

Adversaries may use a custom cryptographic protocol or algorithm to hide command and control traffic. A simple scheme, such as XOR-ing the plaintext with a fixed key, will produce a very weak ciphertext.

Custom encryption schemes may vary in sophistication. Analysis and reverse engineering of malware samples may be enough to discover the algorithm and encryption key used.

Some adversaries may also attempt to implement their own version of a well-known cryptographic algorithm instead of using a known implementation library, which may lead to unintentional errors. (Citation: F-Secure Cosmicduke)
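The following is an added example, not part of the ATT&CK entry, showing why the fixed-key XOR scheme described above is weak from the analyst's side: once reverse engineering reveals that every beacon starts with a fixed header, a single captured message exposes the whole key. The key, header and beacon contents are constructed sample data.

```python
"""Recovering a fixed XOR key from one captured beacon (constructed sample data)."""


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt with a repeating key; XOR is its own inverse."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def keystream_period(stream: bytes) -> int:
    """Smallest p such that the stream repeats every p bytes (len(stream) if none)."""
    for p in range(1, len(stream)):
        if all(stream[i] == stream[i - p] for i in range(p, len(stream))):
            return p
    return len(stream)


def recover_key(cipher: bytes, known_prefix: bytes) -> bytes:
    """Known-plaintext recovery: cipher XOR plaintext yields the keystream, and a
    fixed-key scheme's keystream repeats with the key length, so a known header
    longer than the key reveals all of it. A header shorter than the key only
    returns a partial key; decrypt_beacon() detects that case."""
    stream = xor_bytes(cipher[: len(known_prefix)], known_prefix)
    return stream[: keystream_period(stream)]


def decrypt_beacon(cipher: bytes, known_prefix: bytes) -> bytes:
    """Decrypt with the recovered key and sanity-check that the result is text,
    which guards against a partial or spuriously periodic key."""
    plain = xor_bytes(cipher, recover_key(cipher, known_prefix))
    if not all(0x20 <= b < 0x7F or b in b"\r\n\t" for b in plain):
        raise ValueError("recovered key does not decrypt to text; header shorter than key?")
    return plain


# Constructed values: the key an analyst would pull from the sample, the fixed
# header the sample prepends to every beacon, and one beacon as captured on the wire.
KEY = b"\x5a\x31\xc4"
BEACON_HEADER = b"BEACON|"
PLAINTEXT = BEACON_HEADER + b"host=WS-PROD-07|user=jdoe|task=idle"
CAPTURED = xor_bytes(PLAINTEXT, KEY)

if __name__ == "__main__":
    print("recovered key:", recover_key(CAPTURED, BEACON_HEADER).hex())
    print("decrypted beacon:", decrypt_beacon(CAPTURED, BEACON_HEADER))
```

Because the key never changes and there is no nonce, two beacons with identical content also produce identical bytes on the wire, which is itself a useful detection signal in packet capture.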

id

T1024

tactic

command-and-control

datasources

Process monitoring
Netflow/Enclave netflow
Process use of network
Packet capture
Malware reverse engineering

maturity

Not Tracked
