EXPLORE
Sign In
← Back to Explore
T1132.001

Standard Encoding

Adversaries may encode data with a standard data encoding system to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a standard data encoding system that adheres to existing protocol specifications. Common data encoding schemes include ASCII, Unicode, hexadecimal, Base64, and MIME.(Citation: Wikipedia Binary-to-text Encoding)(Citation: Wikipedia Character Encoding) Some data encoding systems may also result in dat...

ESXiLinuxWindowsmacOS
5
Detections
2
Sources
11
Threat Actors

BY SOURCE

4sigma1elastic

PROCEDURES (5)

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Powershell1 detections

Auto-extracted: 1 detections for powershell

Base641 detections

Auto-extracted: 1 detections for base64

Base641 detections

Auto-extracted: 1 detections for base64

THREAT ACTORS (11)

APT19APT33APT42BRONZE BUTLERHAFNIUMLazarus GroupMuddyWaterPatchworkSandworm TeamTA551Tropic Trooper

DETECTIONS (5)

Base16 or Base32 Encoding/Decoding Activity
elasticmedium
DNS Exfiltration and Tunneling Tools Execution
sigmahigh
Gzip Archive Decode Via PowerShell
sigmamedium
Suspicious FromBase64String Usage On Gzip Archive - Process Creation
sigmamedium
Suspicious FromBase64String Usage On Gzip Archive - Ps Script
sigmamedium