Translators: 林妙倩、戴亦仑. This is an original translation; please obtain the translators' consent before reposting.
Data source: ATT&CK Matrices
Original: https://attack.mitre.org/techniques/T1532
Glossary: /attack/glossary
Data is encrypted before being exfiltrated in order to hide the information that is being exfiltrated from detection or to make the exfiltration less conspicuous upon inspection by a defender. The encryption is performed by a utility, programming library, or custom algorithm on the data itself and is considered separate from any encryption performed by the command and control or file transfer protocol. Common file formats that can encrypt files are RAR and zip.
ID: T1532
Tactic type: Post-Adversary Device Access
Tactic: Exfiltration
Platforms: Android, iOS
| Name | Description |
|---|---|
| Exodus (S0405) | Exodus One encrypts data using XOR prior to exfiltration. |
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
Many encryption mechanisms are built into standard application-accessible APIs, and are therefore undetectable to the end user.
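The following is an added example for the detection side of this technique; it is not code from MITRE ATT&CK or from the Exodus sample. It shows the entropy check a defender typically runs over files or outbound payloads to spot data that has been encrypted or archived before exfiltration, and it also shows the caveat that matters for the Exodus entry above: single-byte XOR is a bijection on byte values, so it leaves Shannon entropy unchanged and slips past a pure entropy threshold, though its byte-frequency profile still lets an analyst recover the key. All inputs (the pangram plaintext, the XOR key 0x5A, the SHA-256 chain standing in for real ciphertext, and the 7.5 bits/byte threshold) are constructed assumptions, not values from the page.

```python
"""Entropy triage for data suspected of being encrypted before exfiltration (T1532).

Added example, not MITRE's or Exodus's code. Every sample input below is constructed.
"""
import hashlib
import math
from collections import Counter

SPACE = 0x20  # assumption: space is the most frequent byte in ordinary ASCII text


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in [0, 8]; real ciphertext and compressed archives sit close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, used here only to build the sample that mimics light obfuscation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Detector: flag buffers whose entropy is near the 8-bit ceiling (threshold is an assumption)."""
    return shannon_entropy(data) >= threshold


def recover_single_byte_xor_key(data: bytes) -> int:
    """Analyst triage for the entropy blind spot: single-byte XOR preserves byte frequencies,
    so the most common ciphertext byte is (most common plaintext byte) ^ key, assumed SPACE."""
    most_common_byte, _ = Counter(data).most_common(1)[0]
    return most_common_byte ^ SPACE


def pseudo_ciphertext(n: int) -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for real ciphertext; constructed."""
    out = bytearray()
    block = b"constructed-seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


# Constructed samples: readable text, the same text under single-byte XOR, and ciphertext-like bytes.
PLAINTEXT = b"the quick brown fox jumps over the lazy dog " * 100
XOR_KEY = 0x5A
XORED = xor_bytes(PLAINTEXT, bytes([XOR_KEY]))
CIPHERTEXT = pseudo_ciphertext(len(PLAINTEXT))


def triage_report() -> dict:
    """Run the detector over the three samples and return what each check concluded."""
    return {
        "plaintext_entropy": shannon_entropy(PLAINTEXT),
        "xored_entropy": shannon_entropy(XORED),        # equals plaintext_entropy: XOR is a bijection
        "ciphertext_entropy": shannon_entropy(CIPHERTEXT),
        "xored_flagged": looks_encrypted(XORED),        # False: entropy threshold misses single-byte XOR
        "ciphertext_flagged": looks_encrypted(CIPHERTEXT),
        "recovered_key": recover_single_byte_xor_key(XORED),
    }


if __name__ == "__main__":
    for name, value in triage_report().items():
        print(f"{name}: {value}")
```

The practical reading: an entropy threshold catches properly encrypted or archived staging files (the RAR and zip cases the page names, since compression also pushes entropy toward 8 bits/byte), but the XOR variant attributed to Exodus One needs a frequency-based check on top of it, because its byte histogram is merely permuted rather than flattened.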