Common, high volume protocols and software

Certain types of traffic (e.g., Twitter, HTTP) are more commonly used than others. Utilizing more common protocols and software may make an adversary's traffic more difficult to distinguish from legitimate traffic. [1]

ID: T1321
Sub-techniques: No sub-techniques
Tactic: Adversary Opsec
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: The communications have a high level of entropy, and the high volume of communications makes it extremely hard for a defender to distinguish between legitimate and adversary communications.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to decipher or to make the communication less conspicuous.


  1. Eric Chien and Gavin O’Gorman. (n.d.). The Nitro Attacks: Stealing Secrets from the Chemical Industry. Retrieved March 1, 2017.