Secureworks
Encrypted Channel (T1573)
APT29

| Step | ATT&CK Pattern |
|---|---|
| 1.A.4 | Tactic: Command and Control (TA0011); Subtechnique: Encrypted Channel: Symmetric Cryptography (T1573.001) |
| 3.B.5 | Tactic: Command and Control (TA0011); Subtechnique: Encrypted Channel: Asymmetric Cryptography (T1573.002) |
| 11.A.15 | Tactic: Command and Control (TA0011); Subtechnique: Encrypted Channel: Asymmetric Cryptography (T1573.002) |

Procedure
Used RC4 stream cipher to encrypt C2 (192.168.0.5) traffic
Criteria
Evidence that the network data sent over the C2 channel is encrypted
Procedure
Used HTTPS to encrypt C2 (192.168.0.5) traffic
Criteria
Evidence that the network data sent over the C2 channel is encrypted