Obfuscation or cryptography
Obfuscation is the act of creating communications that are more difficult to understand. Encryption transforms communications so that a key is required to reverse the transformation.[1]
Procedure Examples
| Name | Description |
|---|---|
| Cleaver | Cleaver has used zhCat to encrypt traffic or use inline obfuscation to make detection more difficult. zhCat makes message traffic look benign.[2] |
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: These techniques and their signatures are hard to detect. Advanced communications and exfiltration channels are nearly indistinguishable from background noise.
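The following is an added example, not part of the original PRE-ATT&CK page, showing why the detection rating above is "No" rather than "Partial". A common defender heuristic is to measure the Shannon entropy of payloads on a channel: raw ciphertext sits close to 8 bits per byte and stands out, but an adversary who wraps the same ciphertext in a text-friendly encoding (base64 here, standing in for the kind of "looks benign" obfuscation the Cleaver entry describes) drags the entropy down into a band that needs a second, weaker heuristic and still overlaps with legitimate encoded content. The thresholds, the `assess()` verdict labels and all payloads are constructed for this illustration; nothing is captured traffic.

```python
"""Entropy heuristics for spotting encrypted or encoded payloads on a channel.

Added example (not from the original page): per-payload Shannon entropy and
printable-byte ratio illustrate what a defender can flag and why obfuscation
that "looks benign" slips past a simple threshold. All payloads are constructed.
"""
import base64
import math
import random
from collections import Counter

ENTROPY_HIGH = 7.0      # bits/byte; ciphertext and compressed data sit near 8
ENTROPY_ENCODED = 5.5   # natural-language text usually lands around 4 to 5
PRINTABLE_FLOOR = 0.95  # fraction of printable bytes expected on a text channel


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or tab/newline/carriage return."""
    if not data:
        return 0.0
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(data)


def assess(payload: bytes) -> dict:
    """Classify one payload; the verdict is a heuristic signal, not proof."""
    h = shannon_entropy(payload)
    p = printable_ratio(payload)
    if h >= ENTROPY_HIGH:
        verdict = "high-entropy"      # likely encrypted, compressed or random
    elif p >= PRINTABLE_FLOOR and h >= ENTROPY_ENCODED:
        verdict = "encoded-text"      # base64-like wrapper over dense data
    else:
        verdict = "plaintext-like"
    return {"entropy": round(h, 3), "printable": round(p, 3), "verdict": verdict}


def build_samples() -> dict:
    """Constructed payloads: a plaintext request, raw pseudo-ciphertext, and the
    same pseudo-ciphertext wrapped in base64 so that it looks like ordinary text."""
    rng = random.Random(7)  # seeded so the demonstration is reproducible
    raw = bytes(rng.randrange(256) for _ in range(512))
    return {
        "http_request": (
            b"GET /index.html HTTP/1.1\r\n"
            b"Host: www.example.com\r\n"
            b"User-Agent: Mozilla/5.0\r\n"
            b"Accept: text/html\r\n\r\n"
        ),
        "raw_ciphertext": raw,
        "base64_wrapped": base64.b64encode(raw),
    }


def scan(payloads: dict) -> dict:
    """Run assess() over every payload and return name -> verdict."""
    return {name: assess(data)["verdict"] for name, data in payloads.items()}


if __name__ == "__main__":
    for name, data in build_samples().items():
        print(f"{name:16s} {assess(data)}")
```

Running the block shows the plaintext request classified as `plaintext-like`, the raw pseudo-ciphertext as `high-entropy`, and the base64-wrapped copy only as `encoded-text`, a verdict that also fires on legitimate attachments, tokens and embedded images. That overlap, not the entropy math, is what makes such channels blend into background noise, so in practice this signal is combined with destination reputation, volume and timing rather than used alone.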
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Known approaches include the use of cryptography for communications, rotating drop sites (such as a random list of chat fora), and one-time [Simple Storage Service (S3)](https://aws.amazon.com/s3/) buckets. All require sophisticated knowledge, infrastructure, and funding.
References
- FireEye, Inc. (2014). APT 28: A Window into Russia's Cyber Espionage Operations? Retrieved March 1, 2017.