216.73.217.22

T1001.002: Steganography

View on MITRE ATT&CK The MITRE Corporation · Published 16/12/2025 19:38 · Modified 27/03/2026 01:12

Essential information

MITRE technique ID
T1001.002
Confidence
100/100
Revoked
No
Published
16/12/2025 19:38
Modified
27/03/2026 01:12
Author / Source
The MITRE Corporation

Aliases

T1001.002

Platforms

windows macos linux ESXi

Description

Adversaries may use steganographic techniques to hide command and control traffic to make detection efforts more difficult. Steganographic techniques can be used to hide data in digital messages that are transferred between systems. This hidden information can be used for command and control of compromised systems. In some cases, the passing of files embedded using steganography, such as image or document files, can be used for command and control.

Kill chain phases

Kill chainPhase
mitre-attack command-and-control

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.