Tor is a software suite and network that provides increased anonymity on the Internet. It creates a multi-hop proxy network and utilizes multilayer encryption to protect both the message and routing information. Tor utilizes "Onion Routing," in which messages are encrypted with multiple layers of encryption; at each step in the proxy network, the topmost layer is decrypted and the contents forwarded on to the next node until it reaches its destination. ^[1]

ID: S0183

Type: TOOL

Platforms: Linux, Windows, macOS

Version: 1.1

Created: 16 January 2018

Last Modified: 13 May 2020

Version Permalink

Live Version

Techniques Used

Domain	ID		Name	Use
Enterprise	T1573	.002	Encrypted Channel: Asymmetric Cryptography	Tor encapsulates traffic in multiple layers of encryption, using TLS by default.^[1]
Enterprise	T1090	.003	Proxy: Multi-hop Proxy	Traffic traversing the Tor network will be forwarded to multiple nodes before exiting the Tor network and continuing on to its intended destination.^[1]

Groups That Use This Software

ID	Name	References
G0016	APT29	^[2]

References

Roger Dingledine, Nick Mathewson and Paul Syverson. (2004). Tor: The Second-Generation Onion Router. Retrieved December 21, 2017.

Dunwoody, M. and Carr, N.. (2016, September 27). No Easy Breach DerbyCon 2016. Retrieved October 4, 2016.

Tor

Enterprise Layer

Techniques Used

Groups That Use This Software

References