| ID | Name |
|---|---|
| ATAGS-T1184.001 | Junk Data |
| ATAGS-T1184.002 | Steganography |
| ATAGS-T1184.003 | Protocol or Service Impersonation |
Threat Actors may add junk data to protocols used for command and control to make detection more difficult. By adding random or meaningless data to the protocols used for command and control, Threat Actors can prevent trivial methods for decoding, deciphering, or otherwise analyzing the traffic. Examples may include appending/prepending data with junk characters or writing junk characters between significant characters.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.