1. Home
  2. Software
  3. Tor

Tor

Tor is a software suite and network that provides increased anonymity on the Internet. It creates a multi-hop proxy network and utilizes multilayer encryption to protect both the message and routing information. Tor utilizes "Onion Routing," in which messages are encrypted with multiple layers of encryption; at each step in the proxy network, the topmost layer is decrypted and the contents forwarded on to the next node until it reaches its destination. [1]

ID: S0183
Type: TOOL
Platforms: Linux, Windows, macOS
Version: 1.1
Created: 16 January 2018
Last Modified: 13 May 2020
Version Permalink
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1573 .002 Encrypted Channel: Asymmetric Cryptography

Tor encapsulates traffic in multiple layers of encryption, using TLS by default.[1]
Enterprise T1090 .003 Proxy: Multi-hop Proxy

Traffic traversing the Tor network will be forwarded to multiple nodes before exiting the Tor network and continuing on to its intended destination.[1]

Groups That Use This Software

ID Name References
G0132 CostaRicto

[2]
G0007 APT28

[3]
G0016 APT29

[4]
G0065 Leviathan

[5]

References

  1. Roger Dingledine, Nick Mathewson and Paul Syverson. (2004). Tor: The Second-Generation Onion Router. Retrieved December 21, 2017.
  2. The BlackBerry Research and Intelligence Team. (2020, November 12). The CostaRicto Campaign: Cyber-Espionage Outsourced. Retrieved May 24, 2021.
  3. NSA, CISA, FBI, NCSC. (2021, July). Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. Retrieved July 26, 2021.
  1. Dunwoody, M. and Carr, N.. (2016, September 27). No Easy Breach DerbyCon 2016. Retrieved October 4, 2016.
  2. CISA. (2021, July 19). (AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department. Retrieved August 12, 2021.