T1573.001: T1573.001

Search IOCs, vulnerabilities, APT…

216.73.216.233

← Back to attack patterns

View on MITRE ATT&CK The MITRE Corporation · Published 16/03/2020 16:45 · Modified 27/03/2026 01:08

Essential information

MITRE technique ID: T1573.001
Confidence: 100/100
Revoked: No
Published: 16/03/2020 16:45
Modified: 27/03/2026 01:08
Author / Source: The MITRE Corporation

Aliases

Symmetric Cryptography

Platforms

windows macos linux Network Devices ESXi

Description

Adversaries may employ a known symmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Symmetric encryption algorithms use the same key for plaintext encryption and ciphertext decryption. Common symmetric encryption algorithms include AES, DES, 3DES, Blowfish, and RC4.

Kill chain phases

Kill chain	Phase
mitre-attack	command-and-control

Marking (TLP)

External references

mitre-attack (T1573.001)
University of Birmingham C2

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (57)

HoneyMyte uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Bitter uses T-APT-17

The MITRE Corporation Confidence 100

[BITTER](https://attack.mitre.org/groups/G1002) is a suspected South Asian cyber espionage threat group that has been active since at least 2013. [BITTER](https://attack.mitre.org/groups/G1002) has targeted government, energy, and engineering organizations in Pakistan,…

First seen 01/01/1970 · Last seen 16/11/5138 ·
UNC4034 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Lampion uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
SloppyLemming uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Grandoreiro uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
OP-512 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT-C-26 (Lazarus) related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT-C-28 (ScarCruft) related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT31 related Violet TyphoonZIRCONIUM

The MITRE Corporation Confidence 100

[ZIRCONIUM](https://attack.mitre.org/groups/G0128) is a threat group operating out of China, active since at least 2017, that has targeted individuals associated with the 2020 US presidential election and prominent leaders…

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT37 related InkySquidGroup123

The MITRE Corporation Confidence 100

[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also…

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT41 related Wicked PandaBrass Typhoon

The MITRE Corporation Confidence 100

[APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed…

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 5

13–24 of 57

Hikit uses
QUIC RAT uses

Family
Remcos uses

Family
NDiskMonitor uses
CoolClient uses

Family
GammaPhish uses

Family
Mafalda uses
Gazer uses
down_new uses
RTM uses
Stellar loader uses

Family
Interlock uses

Family

← Previous

Page / 7

1–12 of 79

KimJongRAT Continues to Evolve by Leveraging LOTS related

AlienVault Confidence 100 20 MITREs 2 Malwares 11 IOCs 7 Observables 1 APT
From PostCSS Masquerading to Windows RAT related

AlienVault Confidence 100 20 MITREs 9 IOCs 3 Observables
Popa: From Sourcing to Distribution related

AlienVault Confidence 100 8 MITREs 5 Malwares 200 IOCs 200 Observables
WebAssembly Malware Found in Trojanized Open VSX Extensions related

AlienVault Confidence 100 17 MITREs 1 Malware 12 IOCs 12 Observables 1 APT
OptinMonster supply chain attack hits 1.2 million sites related

AlienVault Confidence 100 20 MITREs 10 IOCs 10 Observables
Threat Actors Weaponize AI Hype to Deliver AsyncRAT related

AlienVault Confidence 100 19 MITREs 1 Malware 6 IOCs 6 Observables
From Malspam to Fileless .NET Loader related

1 CVE 20 MITREs 9 Observables
Old WinRAR Flaw Fuels Attacks on Ukraine: How … related

AlienVault Confidence 100 3 CVEs 16 MITREs 2 Malwares 53 IOCs 53 Observables 1 APT
Agentic AI Uncovers New China-Linked Cluster OP-512 related

AlienVault Confidence 100 19 MITREs 11 Malwares 7 IOCs 7 Observables 1 APT
ClickFix Is Now Hiring: From Job Platform Impersonation … related

AlienVault Confidence 100 18 MITREs 1 Malware 58 IOCs 58 Observables
Argamal: Malware hidden in hentai games related

1 CVE 19 MITREs 2 Malwares 2 Observables
TA4922: The Suspected Chinese Crime Group is Going … related

AlienVault Confidence 100 23 MITREs 8 Malwares 23 IOCs 23 Observables 1 APT

← Previous

Page / 5

1–12 of 50

Vulnerabilities (CVE) (51)

CVE-2024-42009 KEV targets

9.3 Critical

RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim …

Attack vector: Network
Published: 09/06/2025
Modified: 21/12/2025

Received

CVE-2024-3809 targets

8.8 High

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 …

Attack vector: Network
Complexity: Low
Published: 14/05/2024
Modified: 08/04/2026

CWE-98 Awaiting Analysis

CVE-2025-41244 KEV targets

7.8 High

Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges …

Attack vector: Local
Published: 30/10/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2025-6218 KEV targets

RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.

Published: 09/12/2025
Modified: 21/12/2025

CVE-2020-16040 targets

6.5 Medium

Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a …

Attack vector: NETWORK
Published: 08/01/2021
Modified: 27/01/2026

CVE-2025-40551 KEV targets

9.8 Critical

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, …

Attack vector: NETWORK
Published: 28/01/2026
Modified: 09/02/2026

Undergoing Analysis

CVE-2024-23109 targets

10.0 Critical

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized …

Attack vector: Network
Published: 05/02/2024
Modified: 14/01/2026

CVE-2025-55182 KEV targets

10.0 Critical

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …

Attack vector: Network
Published: 05/12/2025
Modified: 29/05/2026

Analyzed

CVE-2022-41082 KEV targets

8.0 High

Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 …

Attack vector: Adjacent
Published: 30/09/2022
Modified: 20/12/2025

CVE-2022-40684 KEV targets

9.8 Critical

Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative …

Attack vector: Network
Published: 11/10/2022
Modified: 14/01/2026

CVE-2021-27076

targets

CVE-2024-21762 KEV targets

9.8 Critical

Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP …

Attack vector: Network
Published: 09/02/2024
Modified: 21/12/2025

← Previous

Page / 5

1–12 of 51

T1573 subtechnique-of

Encrypted Channel MITRE

Tool (2)

QuasarRAT uses

The MITRE Corporation Confidence 100

[QuasarRAT](https://attack.mitre.org/software/S0262) is an open-source, remote access tool that has been publicly available on GitHub since at least 2014. [QuasarRAT](https://attack.mitre.org/software/S0262) is developed in the C# language.(Citation: GitHub QuasarRAT)(Citation: Volexity…
Sliver uses

The MITRE Corporation Confidence 100

[Sliver](https://attack.mitre.org/software/S0633) is an open source, cross-platform, red team command and control (C2) framework written in Golang. [Sliver](https://attack.mitre.org/software/S0633) includes its own package manager, "armory," for staging and downloading additional…

Contact About Legal notice Privacy policy Terms of use