Tor is a software suite and network that provides increased anonymity on the Internet. It creates a multi-hop proxy network and utilizes multilayer encryption to protect both the message and routing information. Tor utilizes "Onion Routing," in which messages are encrypted with multiple layers of encryption; at each step in the proxy network, the topmost layer is decrypted and the contents forwarded on to the next node until it reaches its destination. [1]

ID: S0183
Type: TOOL
Platforms: Linux, Windows, macOS
Version: 1.0
Created: 16 January 2018
Last Modified: 17 October 2018

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1188 | Multi-hop Proxy | Traffic traversing the Tor network will be forwarded to multiple nodes before exiting the Tor network and continuing on to its intended destination.[1] |
| Enterprise | T1079 | Multilayer Encryption | Tor encapsulates traffic in multiple layers of encryption.[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0016 | APT29 | [2] |