T1001.001: Junk Data
Essential information
- MITRE technique ID
T1001.001- Confidence
- 100/100
- Revoked
- No
- Published
- 15/03/2020 01:30
- Modified
- 27/03/2026 01:12
- Author / Source
- The MITRE Corporation
Aliases
T1001.001
Platforms
windows macos linux ESXi
Description
Adversaries may add junk data to protocols used for command and control to make detection more difficult.(Citation: FireEye SUNBURST Backdoor December 2020) By adding random or meaningless data to the protocols used for command and control, adversaries can prevent trivial methods for decoding, deciphering, or otherwise analyzing the traffic. Examples may include appending/prepending data with junk characters or writing junk characters between significant characters.
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | command-and-control |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.