T1132: T1132

Search IOCs, vulnerabilities, APT…

216.73.216.36

← Back to attack patterns

View on MITRE ATT&CK The MITRE Corporation · Published 31/05/2017 23:31 · Modified 27/03/2026 01:11

Essential information

MITRE technique ID: T1132
Confidence: 100/100
Revoked: No
Published: 31/05/2017 23:31
Modified: 27/03/2026 01:11
Author / Source: The MITRE Corporation

Aliases

Data Encoding

Platforms

windows macos linux ESXi

Description

Adversaries may encode data to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a standard data encoding system. Use of data encoding may adhere to existing protocol specifications and includes use of ASCII, Unicode, Base64, MIME, or other binary-to-text and character encoding systems.(Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding) Some data encoding systems may also result in data compression, such as gzip.

Kill chain phases

Kill chain	Phase
mitre-attack	command-and-control

Marking (TLP)

External references

Wikipedia Binary-to-text Encoding
Wikipedia Character Encoding
mitre-attack (T1132)
University of Birmingham C2

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (61)

Storm-0249 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
MuddyWater uses Earth VetalaStatic Kitten

The MITRE Corporation Confidence 100

[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at…

First seen 01/01/1970 · Last seen 16/11/5138 ·
TA585 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
NET_PA1N Reborn uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Mallox uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Punishing Owl uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
GreenSpot uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Batavia uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
NewsPenguin uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Gleaming Pisces uses UNC1720UNC4736

The MITRE Corporation Confidence 100

[AppleJeus](https://attack.mitre.org/groups/G1049) is a North Korean state-sponsored threat group attributed to the Reconnaissance General Bureau. Associated with the broader [Lazarus Group](https://attack.mitre.org/groups/G0032) umbrella of actors, [AppleJeus](https://attack.mitre.org/groups/G1049) has been active since…

First seen 01/01/1970 · Last seen 16/11/5138 ·
UNK_SmudgedSerpent uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
El Machete, Lyceum, SideWinder uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 6

1–12 of 61

Dozer uses

Family
InvisibleFerret uses

Family
Korplug uses

The MITRE Corporation Confidence 100

[PlugX](https://attack.mitre.org/software/S0013) is a remote access tool (RAT) with modular plugins that has been used by multiple threat groups.(Citation: Lastline PlugX Analysis)(Citation: FireEye Clandestine Fox Part 2)(Citation: New DragonOK)(Citation:…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Bumblebee uses
Heyoka uses
Hiloti uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
OMServerService.vbs uses

Family
ANDROMEDA - S1074 uses

Family
PlugX - S0013 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
TrickBot - S0266 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
FatalRAT uses

Family
UyghurEditPP backdoor uses

Family

← Previous

Page / 7

25–36 of 79

Payouts King Ransomware Initial Access Broker Deploys New … related

AlienVault Confidence 100 21 MITREs 1 Malware 2 IOCs 1 APT
Invisible Sting: Over 4000 Outdated Routers Compromised by … related

AlienVault Confidence 100 3 CVEs 20 MITREs 1 Malware 23 IOCs 23 Observables
Investigation of email-based attack delivering MediaFire ZIP file … related

AlienVault Confidence 100 14 MITREs 1 Malware 4 IOCs 4 Observables
The Devil, Eight Million Emails, and a Whole … related

AlienVault Confidence 100 16 MITREs 14 IOCs 14 Observables
Travel Phishing and Cyber Attacks are Surging in … related

16 MITREs
A First Look at a New Post-Exploitation Red … related

20 MITREs 1 Malware 1 Observable
Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics … related

AlienVault Confidence 100 19 MITREs 3 Malwares 2 IOCs 2 Observables
Impersonation, Click Hijacking, and TDS: Inside a Malware … related

AlienVault Confidence 100 20 MITREs 3 Malwares 64 IOCs 64 Observables
Threat landscape — Belgium related

Confidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
Threat landscape — insurance related

Confidence 100 199 MITREs 11 APTs
RemotePE: The Lazarus RAT that lives in memory related

20 MITREs 6 Malwares 10 Observables 1 APT
Infostealer Campaign Using Trading App as Lure related

20 MITREs 2 Malwares 4 Observables 1 APT

← Previous

Page / 5

1–12 of 50

Vulnerabilities (CVE) (76)

CVE-2025-31324 KEV targets

10.0 Critical

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …

Attack vector: Network
Published: 29/04/2025
Modified: 21/12/2025

Received

CVE-2023-38831 KEV targets

7.8 High

RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file …

Attack vector: Local
Published: 24/08/2023
Modified: 27/05/2026

CVE-2026-0628 targets

8.8 High

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a …

Attack vector: NETWORK
Published: 07/01/2026
Modified: 09/03/2026

Undergoing Analysis

CVE-2024-7587 targets

7.8 High

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric …

Attack vector: Local
Published: 23/10/2024
Modified: 09/01/2026

Analyzed

CVE-2021-34523 KEV targets

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

Published: 03/11/2021
Modified: 20/12/2025

CVE-2024-53870 targets

3.3 Low

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by …

Attack vector: LOCAL
Published: 25/02/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2025-11837 targets

8.1 High

An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the …

Attack vector: NETWORK
EPSS: 0.0013 (P33.0%)
Published: 02/01/2026
Modified: 17/06/2026

Awaiting Analysis

CVE-2022-22947 KEV targets

Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.

Published: 16/05/2022
Modified: 20/12/2025

CVE-2017-0199 KEV targets

7.8 High

Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …

Attack vector: LOCAL
Complexity: LOW
Published: 12/04/2017
Modified: 22/04/2026

CVE-2024-1709 KEV targets

10.0 Critical

ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, …

Attack vector: Network
Published: 22/02/2024
Modified: 28/02/2026

CVE-2024-3400 KEV targets

10.0 Critical

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …

Attack vector: Network
Published: 12/04/2024
Modified: 21/12/2025

CVE-2023-36884 KEV targets

7.5 High

Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a …

Attack vector: Network
Published: 17/07/2023
Modified: 27/05/2026

← Previous

Page / 7

49–60 of 76

Mythic uses

The MITRE Corporation Confidence 100

[Mythic](https://attack.mitre.org/software/S0699) is an open source, cross-platform post-exploitation/command and control platform. [Mythic](https://attack.mitre.org/software/S0699) is designed to "plug-n-play" with various agents and communication channels.(Citation: Mythic Github)(Citation: Mythic SpecterOps)(Citation: Mythc Documentation) Deployed…

Contact About Legal notice Privacy policy Terms of use

T1132: T1132

Essential information

Aliases

Platforms

Description

Kill chain phases

Marking (TLP)

External references

Related entities

Intrusion sets (APT) (61)

Malware (79)

Reports (50)

Vulnerabilities (CVE) (76)

Tool (1)