216.73.216.109

T1521: Encrypted Channel

View on MITRE ATT&CK The MITRE Corporation · Published 17/12/2025 22:48 · Modified 27/03/2026 01:41

Essential information

MITRE technique ID
T1521
Confidence
100/100
Revoked
No
Published
17/12/2025 22:48
Modified
27/03/2026 01:41
Author / Source
The MITRE Corporation

Aliases

T1521

Platforms

android iOS

Description

Adversaries may explicitly employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if necessary secret keys are encoded and/or generated within malware samples/configuration files.

Kill chain phases

Kill chainPhase
mitre-mobile-attack command-and-control

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.