C2 protocol development

Command and Control (C2 or C&C) is a method by which the adversary communicates with malware. An adversary may use a variety of protocols and methods to execute C2 such as a centralized server, peer to peer, IRC, compromised web sites, or even social media. [1]

ID: T1352
Sub-techniques:  No sub-techniques
Tactic: Build Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Adversary will likely use code repositories, but development will be performed on their local systems.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: C2 over commonly used and permitted protocols provides the necessary cover and access.

References

  1. FireEye. (2015, July). HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group. Retrieved March 6, 2017.