
T1521.001 Symmetric Cryptography

Adversaries may employ a known symmetric encryption algorithm to conceal command and control traffic, rather than relying on any inherent protections provided by a communication protocol. Symmetric encryption algorithms use the same key for plaintext encryption and ciphertext decryption. Common symmetric encryption algorithms include AES, Blowfish, and RC4.

| Item | Value |
| --- | --- |
| ID | T1521.001 |
| Sub-techniques | T1521.001, T1521.002 |
| Tactics | TA0037 |
| Platforms | Android, iOS |
| Version | 1.0 |
| Created | 05 April 2022 |
| Last Modified | 05 April 2022 |

Procedure Examples

| ID | Name | Description |
| --- | --- | --- |
| S0478 | EventBot | EventBot has encrypted base64-encoded payload data using RC4 and Curve25519.[3] |
| S0411 | Rotexy | Rotexy encrypts JSON HTTP payloads with AES.[2] |
| S1055 | SharkBot | SharkBot can use RC4 to encrypt C2 payloads.[1] |
| G0112 | Windshift | Windshift has encrypted C2 communications using AES in CBC mode during Operation BULL and Operation ROCK.[4] |

References