TECHNIQUES
- Home
- Techniques
- PRE-ATT&CK
- C2 protocol development
C2 protocol development
Command and Control (C2 or C&C) is a method by which the adversary communicates with malware. An adversary may use a variety of protocols and methods to execute C2 such as a centralized server, peer to peer, IRC, compromised web sites, or even social media. [1]
ID: T1352
Sub-techniques:
No sub-techniques
Tactic:
Build Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Adversary will likely use code repositories, but development will be performed on their local systems.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: C2 over commonly used and permitted protocols provides the necessary cover and access.
References
- FireEye. (2015, July). HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group. Retrieved March 6, 2017.
×