Details

• Type: Task
• Status: To Do
• Priority: Medium
• Resolution: Unresolved
• Labels: None
• datasources: Process monitoring, Netflow/Enclave netflow, Process use of network, Packet capture, Malware reverse engineering
• id: T1024
• tactic: command-and-control
• maturity: Not Tracked

Description

Adversaries may use a custom cryptographic protocol or algorithm to hide command and control traffic. A simple scheme, such as XOR-ing the plaintext with a fixed key, will produce a very weak ciphertext.

Custom encryption schemes may vary in sophistication. Analysis and reverse engineering of malware samples may be enough to discover the algorithm and encryption key used.

Some adversaries may also attempt to implement their own version of a well-known cryptographic algorithm instead of using a known implementation library, which may lead to unintentional errors. (Citation: F-Secure Cosmicduke)
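The following is an added analyst-side example, not part of the ATT&CK description or of any malware sample, showing why fixed-key XOR is "very weak": once an analyst guesses how a beacon message starts (for example a JSON field name recovered from the sample's strings), XOR-ing the captured bytes with that guess exposes the keystream, its repetition period gives the key length, and the whole capture decodes. The beacon text, the key `c2k3y`, and the function names are all constructed for this example.

```python
from itertools import cycle
from typing import Optional

# Constructed sample (not from any real malware): a JSON beacon and a short fixed key.
SAMPLE_KEY = b"c2k3y"
SAMPLE_BEACON = b'{"host":"ws-17","user":"jdoe","cmd":"idle","arg":""}'


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same function encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def keystream_from_known_plaintext(ciphertext: bytes, known: bytes) -> bytes:
    """Ciphertext XOR known plaintext yields the keystream over the known span."""
    return bytes(c ^ p for c, p in zip(ciphertext, known))


def find_period(stream: bytes, max_len: int) -> Optional[int]:
    """Smallest L in 1..max_len such that stream[i] == stream[i+L] for every i.

    At least L+1 bytes are needed to say anything about period L; if the
    stream is too short for every remaining candidate, report no period.
    """
    for period in range(1, max_len + 1):
        if len(stream) <= period:
            return None
        if all(stream[i] == stream[i + period] for i in range(len(stream) - period)):
            return period
    return None


def recover_key(ciphertext: bytes, known_prefix: bytes, max_len: int = 32) -> Optional[bytes]:
    """Known-plaintext recovery of a fixed XOR key.

    known_prefix is the analyst's guess at how each message starts. The guess
    must cover more than one key length so the repetition is visible.
    """
    stream = keystream_from_known_plaintext(ciphertext, known_prefix)
    period = find_period(stream, max_len)
    return None if period is None else stream[:period]


def demo() -> dict:
    """Encode the constructed beacon, then recover key and plaintext as an analyst would."""
    captured = xor_bytes(SAMPLE_BEACON, SAMPLE_KEY)       # what a packet capture holds
    key = recover_key(captured, b'{"host":"ws-17"')       # guessed from strings in the sample
    decoded = xor_bytes(captured, key) if key else b""
    return {"key": key, "decoded": decoded}


if __name__ == "__main__":
    result = demo()
    print("recovered key:", result["key"])
    print("decoded beacon:", result["decoded"].decode())
```

The period check is exact rather than statistical, so it needs a guessed prefix at least one byte longer than the key; with a shorter guess `recover_key` returns `None` instead of a wrong key, and the analyst extends the guess (a second known field name, a trailing `}` at a known offset) or falls back to reverse engineering the sample for the key itself, as the description notes.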

People

• Assignee: Unassigned
• Reporter: Mauricio V.
