Tor is a software suite and network that provides increased anonymity on the Internet. It creates a multi-hop proxy network and utilizes multilayer encryption to protect both the message and routing information. Tor utilizes "Onion Routing," in which messages are encrypted with multiple layers of encryption; at each step in the proxy network, the topmost layer is decrypted and the contents forwarded on to the next node until it reaches its destination. ^[1]

ID: S0183

Type: TOOL

Platforms: Linux, Windows, macOS

Version: 1.0

Created: 16 January 2018

Last Modified: 17 October 2018

Techniques Used

Domain	ID	Name	Use
Enterprise	T1188	Multi-hop Proxy	Traffic traversing the Tor network will be forwarded to multiple nodes before exiting the Tor network and continuing on to its intended destination.^[1]
Enterprise	T1079	Multilayer Encryption	Tor encapsulates traffic in multiple layers of encryption.^[1]

Groups That Use This Software

ID	Name	References
G0016	APT29	^[2]

References

Roger Dingledine, Nick Mathewson and Paul Syverson. (2004). Tor: The Second-Generation Onion Router. Retrieved December 21, 2017.

Dunwoody, M. and Carr, N.. (2016, September 27). No Easy Breach DerbyCon 2016. Retrieved October 4, 2016.

Tor

Enterprise Layer

Techniques Used

Groups That Use This Software

References