T1132: T1132

Search IOCs, vulnerabilities, APT…

216.73.216.6

← Back to attack patterns

View on MITRE ATT&CK The MITRE Corporation · Published 31/05/2017 23:31 · Modified 27/03/2026 01:11

Essential information

MITRE technique ID: T1132
Confidence: 100/100
Revoked: No
Published: 31/05/2017 23:31
Modified: 27/03/2026 01:11
Author / Source: The MITRE Corporation

Aliases

Data Encoding

Platforms

windows macos linux ESXi

Description

Adversaries may encode data to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a standard data encoding system. Use of data encoding may adhere to existing protocol specifications and includes use of ASCII, Unicode, Base64, MIME, or other binary-to-text and character encoding systems.(Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding) Some data encoding systems may also result in data compression, such as gzip.

Kill chain phases

Kill chain	Phase
mitre-attack	command-and-control

Marking (TLP)

External references

Wikipedia Binary-to-text Encoding
Wikipedia Character Encoding
mitre-attack (T1132)
University of Birmingham C2

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (61)

Storm-0249 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
MuddyWater uses Earth VetalaStatic Kitten

The MITRE Corporation Confidence 100

[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at…

First seen 01/01/1970 · Last seen 16/11/5138 ·
TA585 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
NET_PA1N Reborn uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Mallox uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Punishing Owl uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
GreenSpot uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Batavia uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
NewsPenguin uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Gleaming Pisces uses UNC1720UNC4736

The MITRE Corporation Confidence 100

[AppleJeus](https://attack.mitre.org/groups/G1049) is a North Korean state-sponsored threat group attributed to the Reconnaissance General Bureau. Associated with the broader [Lazarus Group](https://attack.mitre.org/groups/G0032) umbrella of actors, [AppleJeus](https://attack.mitre.org/groups/G1049) has been active since…

First seen 01/01/1970 · Last seen 16/11/5138 ·
UNK_SmudgedSerpent uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
El Machete, Lyceum, SideWinder uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 6

1–12 of 61

PolarEdge uses

Family
LummaC2 uses

Family
PhonyC2 uses

Family
NedDnLoader uses

Family
DEMODEX uses

Family
Tomiris Go ReverseSocks uses

Family
GodRAT uses

Family
TutClient uses
Zagrebator.Dropper uses

Family
ServiceChanger uses

Family
BADNEWS uses
CookiePlus uses

Family

← Previous

Page / 7

13–24 of 79

Payouts King Ransomware Initial Access Broker Deploys New … related

AlienVault Confidence 100 21 MITREs 1 Malware 2 IOCs 1 APT
Invisible Sting: Over 4000 Outdated Routers Compromised by … related

AlienVault Confidence 100 3 CVEs 20 MITREs 1 Malware 23 IOCs 23 Observables
Investigation of email-based attack delivering MediaFire ZIP file … related

AlienVault Confidence 100 14 MITREs 1 Malware 4 IOCs 4 Observables
The Devil, Eight Million Emails, and a Whole … related

AlienVault Confidence 100 16 MITREs 14 IOCs 14 Observables
Travel Phishing and Cyber Attacks are Surging in … related

16 MITREs
A First Look at a New Post-Exploitation Red … related

20 MITREs 1 Malware 1 Observable
Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics … related

AlienVault Confidence 100 19 MITREs 3 Malwares 2 IOCs 2 Observables
Impersonation, Click Hijacking, and TDS: Inside a Malware … related

AlienVault Confidence 100 20 MITREs 3 Malwares 64 IOCs 64 Observables
Threat landscape — Belgium related

Confidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
Threat landscape — insurance related

Confidence 100 199 MITREs 11 APTs
RemotePE: The Lazarus RAT that lives in memory related

20 MITREs 6 Malwares 10 Observables 1 APT
Infostealer Campaign Using Trading App as Lure related

20 MITREs 2 Malwares 4 Observables 1 APT

← Previous

Page / 5

1–12 of 50

Vulnerabilities (CVE) (76)

CVE-2025-24016 KEV targets

9.9 Critical

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to …

Attack vector: Network
Published: 10/06/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2024-1182 targets

7.0 High

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …

Attack vector: LOCAL
Complexity: High
Published: 04/07/2024
Modified: 08/04/2026

CWE-427 Received

CVE-2024-20399 KEV targets

6.0 Medium

Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute …

Attack vector: Local
Published: 02/07/2024
Modified: 21/12/2025

CVE-2020-1380 KEV targets

7.8 High

Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.

Attack vector: LOCAL
Published: 03/11/2021
Modified: 26/02/2026

CVE-2017-0213 KEV targets

7.3 High

Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

Attack vector: LOCAL
Complexity: LOW
Published: 12/05/2017
Modified: 22/04/2026

CVE-2025-53690 KEV targets

9.0 Critical

Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the …

Attack vector: Network
Published: 04/09/2025
Modified: 21/12/2025

CVE-2025-49706 KEV targets

6.5 Medium

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow …

Attack vector: Network
Published: 22/07/2025
Modified: 21/12/2025

CVE-2021-44228 KEV targets

10.0 Critical

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Attack vector: Network
Published: 10/12/2021
Modified: 27/05/2026

CVE-2026-22769 KEV targets

10.0 Critical

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated …

Attack vector: NETWORK
Published: 17/02/2026
Modified: 22/02/2026

Analyzed

CVE-2023-1389 KEV targets

8.8 High

TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.

Attack vector: Adjacent
Published: 01/05/2023
Modified: 21/12/2025

CVE-2025-53770 KEV targets

9.8 Critical

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware …

Attack vector: Network
Published: 20/07/2025
Modified: 21/12/2025

Analyzed

CVE-2016-5681 targets

9.8 Critical

Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before …

Attack vector: Network
Complexity: Low
Published: 25/08/2016
Modified: 17/06/2026

CWE-119

← Previous

Page / 7

37–48 of 76

Mythic uses

The MITRE Corporation Confidence 100

[Mythic](https://attack.mitre.org/software/S0699) is an open source, cross-platform post-exploitation/command and control platform. [Mythic](https://attack.mitre.org/software/S0699) is designed to "plug-n-play" with various agents and communication channels.(Citation: Mythic Github)(Citation: Mythic SpecterOps)(Citation: Mythc Documentation) Deployed…

Contact About Legal notice Privacy policy Terms of use

T1132: T1132

Essential information

Aliases

Platforms

Description

Kill chain phases

Marking (TLP)

External references

Related entities

Intrusion sets (APT) (61)

Malware (79)

Reports (50)

Vulnerabilities (CVE) (76)

Tool (1)