T1573.002
Asymmetric Cryptography
Adversaries may employ a known asymmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Asymmetric cryptography, also known as public key cryptography, uses a keypair per party: one public that can be freely distributed, and one private. Due to how the keys are generated, the sender encrypts data with the receiver’s public key and the receiver decrypts the data with their private key. This ensures...
Platforms: ESXi, Linux, macOS, Network Devices, Windows
Detections: 6
Sources: 2
Threat Actors: 11
BY SOURCE
splunk_escu: 5
elastic: 1
PROCEDURES (5)
Event Log: 2 detections
Auto-extracted: 2 detections for event log
Download: 1 detection
Auto-extracted: 1 detection for download
Download: 1 detection
Auto-extracted: 1 detection for download
Encrypt: 1 detection
Auto-extracted: 1 detection for encrypt
Exfiltrat: 1 detection
Auto-extracted: 1 detection for exfiltrat
THREAT ACTORS (11)
DETECTIONS (6)
Cisco Secure Firewall - Blacklisted SSL Certificate Fingerprint
splunk_escu
Cisco Secure Firewall - High EVE Threat Confidence
splunk_escu
Cisco Secure Firewall - Intrusion Events by Threat Activity
splunk_escu
Cisco Secure Firewall - Lumma Stealer Download Attempt
splunk_escu
Cisco Secure Firewall - Lumma Stealer Outbound Connection Attempt
splunk_escu
Openssl Client or Server Activity
elastic (medium)