T1573.001: T1573.001

Search IOCs, vulnerabilities, APT…

216.73.216.233

← Back to attack patterns

View on MITRE ATT&CK The MITRE Corporation · Published 16/12/2025 19:37 · Modified 27/03/2026 01:08

Essential information

MITRE technique ID: T1573.001
Confidence: 100/100
Revoked: No
Published: 16/12/2025 19:37
Modified: 27/03/2026 01:08
Author / Source: The MITRE Corporation

Aliases

Symmetric Cryptography

Platforms

windows macos linux Network Devices ESXi

Description

Adversaries may employ a known symmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Symmetric encryption algorithms use the same key for plaintext encryption and ciphertext decryption. Common symmetric encryption algorithms include AES, DES, 3DES, Blowfish, and RC4.

Kill chain phases

Kill chain	Phase
mitre-attack	command-and-control

Marking (TLP)

External references

mitre-attack (T1573.001)
University of Birmingham C2

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (66)

APT33 uses HOLMIUMElfin

The MITRE Corporation Confidence 100

[APT33](https://attack.mitre.org/groups/G0064) is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States,…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Prometei uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Coquettte uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Winnti uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
TAOTH uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Gamaredon uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Zloader uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
EvilAI uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
China-nexus APT uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Earth Baxia uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Andariel uses Silent ChollimaPLUTONIUM

The MITRE Corporation Confidence 100

[Andariel](https://attack.mitre.org/groups/G0138) is a North Korean state-sponsored threat group that has been active since at least 2009. [Andariel](https://attack.mitre.org/groups/G0138) has primarily focused its operations--which have included destructive attacks--against South Korean…

First seen 01/01/1970 · Last seen 16/11/5138 ·
CL-STA-1020 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 6

1–12 of 66

Hikit uses
QUIC RAT uses

Family
Remcos uses

Family
NDiskMonitor uses
CoolClient uses

Family
GammaPhish uses

Family
Mafalda uses
Gazer uses
down_new uses
RTM uses
Stellar loader uses

Family
Interlock uses

Family

← Previous

Page / 11

1–12 of 122

KimJongRAT Continues to Evolve by Leveraging LOTS related

AlienVault Confidence 100 20 MITREs 2 Malwares 11 IOCs 7 Observables 1 APT
From PostCSS Masquerading to Windows RAT related

AlienVault Confidence 100 20 MITREs 9 IOCs 3 Observables
Popa: From Sourcing to Distribution related

AlienVault Confidence 100 8 MITREs 5 Malwares 200 IOCs 200 Observables
WebAssembly Malware Found in Trojanized Open VSX Extensions related

AlienVault Confidence 100 17 MITREs 1 Malware 12 IOCs 12 Observables 1 APT
OptinMonster supply chain attack hits 1.2 million sites related

AlienVault Confidence 100 20 MITREs 10 IOCs 10 Observables
Threat Actors Weaponize AI Hype to Deliver AsyncRAT related

AlienVault Confidence 100 19 MITREs 1 Malware 6 IOCs 6 Observables
From Malspam to Fileless .NET Loader related

1 CVE 20 MITREs 9 Observables
Old WinRAR Flaw Fuels Attacks on Ukraine: How … related

AlienVault Confidence 100 3 CVEs 16 MITREs 2 Malwares 53 IOCs 53 Observables 1 APT
Agentic AI Uncovers New China-Linked Cluster OP-512 related

AlienVault Confidence 100 19 MITREs 11 Malwares 7 IOCs 7 Observables 1 APT
ClickFix Is Now Hiring: From Job Platform Impersonation … related

AlienVault Confidence 100 18 MITREs 1 Malware 58 IOCs 58 Observables
Argamal: Malware hidden in hentai games related

1 CVE 19 MITREs 2 Malwares 2 Observables
TA4922: The Suspected Chinese Crime Group is Going … related

AlienVault Confidence 100 23 MITREs 8 Malwares 23 IOCs 23 Observables 1 APT

← Previous

Page / 5

1–12 of 50

Vulnerabilities (CVE) (41)

CVE-2024-42009 KEV targets

9.3 Critical

RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim …

Attack vector: Network
Published: 09/06/2025
Modified: 21/12/2025

Received

CVE-2024-3809 targets

8.8 High

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 …

Attack vector: Network
Complexity: Low
Published: 14/05/2024
Modified: 08/04/2026

CWE-98 Awaiting Analysis

CVE-2025-41244 KEV targets

7.8 High

Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges …

Attack vector: Local
Published: 30/10/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2025-6218 KEV targets

RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.

Published: 09/12/2025
Modified: 21/12/2025

CVE-2020-16040 targets

6.5 Medium

Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a …

Attack vector: NETWORK
Published: 08/01/2021
Modified: 27/01/2026

CVE-2025-40551 KEV targets

9.8 Critical

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, …

Attack vector: NETWORK
Published: 28/01/2026
Modified: 09/02/2026

Undergoing Analysis

CVE-2024-23109 targets

10.0 Critical

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized …

Attack vector: Network
Published: 05/02/2024
Modified: 14/01/2026

CVE-2025-55182 KEV targets

10.0 Critical

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …

Attack vector: Network
Published: 05/12/2025
Modified: 29/05/2026

Analyzed

CVE-2023-47784 targets

8.4 High

Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through 6.6.15.

Attack vector: NETWORK
Published: 20/12/2023
Modified: 21/12/2025

CVE-2026-1340 KEV targets

9.8 Critical

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.

Attack vector: NETWORK
Complexity: LOW
Published: 29/01/2026
Modified: 10/04/2026

CWE-94 Received

CVE-2025-8088 KEV targets

8.8 High

RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary …

Attack vector: Network
Published: 12/08/2025
Modified: 27/05/2026

CVE-2025-20337 KEV targets

10.0 Critical

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code …

Attack vector: Network
Published: 28/07/2025
Modified: 21/12/2025

Analyzed

← Previous

Page / 4

1–12 of 41

T1573 subtechnique-of

Encrypted Channel MITRE

Tool (2)

QuasarRAT uses

The MITRE Corporation Confidence 100

[QuasarRAT](https://attack.mitre.org/software/S0262) is an open-source, remote access tool that has been publicly available on GitHub since at least 2014. [QuasarRAT](https://attack.mitre.org/software/S0262) is developed in the C# language.(Citation: GitHub QuasarRAT)(Citation: Volexity…
Sliver uses

The MITRE Corporation Confidence 100

[Sliver](https://attack.mitre.org/software/S0633) is an open source, cross-platform, red team command and control (C2) framework written in Golang. [Sliver](https://attack.mitre.org/software/S0633) includes its own package manager, "armory," for staging and downloading additional…

Campaign (1)

3CX Supply Chain Attack uses

Contact About Legal notice Privacy policy Terms of use