Skip to content

T1521 Encrypted Channel

Adversaries may explicitly employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if necessary secret keys are encoded and/or generated within malware samples/configuration files.

Item Value
ID T1521
Sub-techniques T1521.001, T1521.002
Tactics TA0037
Platforms Android, iOS
Version 2.0
Created 01 October 2019
Last Modified 05 April 2022

Procedure Examples

ID Name Description
S0302 Twitoor Twitoor encrypts its C2 communication.1