- Home
- Techniques
- Mobile
- Standard Cryptographic Protocol
Standard Cryptographic Protocol
Adversaries may explicitly employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if necessary secret keys are encoded and/or generated within malware samples/configuration files.
Procedure Examples
Name | Description |
---|---|
eSurv |
eSurv’s Android version has used public key encryption and certificate pinning for C2 communication.[1] |
EventBot |
EventBot has encrypted base64-encoded payload data using RC4 and Curve25519.[2] |
Rotexy | |
Twitoor |
Mitigations
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
Detection
Since data encryption is a common practice in many legitimate applications and uses standard programming language-specific APIs, encrypting data for command and control communication is undetectable to the user.