
T1001.001: Junk Data

The MITRE Corporation · Published 15/03/2020 01:30 · Modified 27/03/2026 01:12

Essential information

MITRE technique ID
T1001.001
Confidence
100/100
Revoked
No
Published
15/03/2020 01:30
Modified
27/03/2026 01:12
Author / Source
The MITRE Corporation

Aliases

T1001.001

Platforms

windows macos linux ESXi

Description

Adversaries may add junk data to protocols used for command and control to make detection more difficult. (Citation: FireEye SUNBURST Backdoor December 2020) By adding random or meaningless data to the protocols used for command and control, adversaries can prevent trivial methods for decoding, deciphering, or otherwise analyzing the traffic. Examples may include appending/prepending data with junk characters or writing junk characters between significant characters.

Kill chain phases

Kill chain
mitre-attack
Phase
command-and-control

Marking (TLP)

TLP:CLEAR

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references