T1573.002: T1573.002

Search IOCs, vulnerabilities, APT…

216.73.216.233

← Back to attack patterns

View on MITRE ATT&CK The MITRE Corporation · Published 16/03/2020 16:48 · Modified 27/03/2026 01:11

Essential information

MITRE technique ID: T1573.002
Confidence: 100/100
Revoked: No
Published: 16/03/2020 16:48
Modified: 27/03/2026 01:11
Author / Source: The MITRE Corporation

Aliases

Asymmetric Cryptography

Platforms

windows macos linux Network Devices ESXi

Description

Adversaries may employ a known asymmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Asymmetric cryptography, also known as public key cryptography, uses a keypair per party: one public that can be freely distributed, and one private. Due to how the keys are generated, the sender encrypts data with the receiver’s public key and the receiver decrypts the data with their private key. This ensures that only the intended recipient can read the encrypted data. Common public key encryption algorithms include RSA and ElGamal. For efficiency, many protocols (including SSL/TLS) use symmetric cryptography once a connection is established, but use asymmetric cryptography to establish or transmit a key. As such, these protocols are classified as [Asymmetric Cryptography](https://attack.mitre.org/techniques/T1573/002).

Kill chain phases

Kill chain	Phase
mitre-attack	command-and-control

Marking (TLP)

External references

SEI SSL Inspection Risks
SANS Decrypting SSL
mitre-attack (T1573.002)
University of Birmingham C2

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (51)

Tropic Trooper uses Pirate PandaKeyBoy

The MITRE Corporation Confidence 100

[Tropic Trooper](https://attack.mitre.org/groups/G0081) is an unaffiliated threat group that has led targeted campaigns against targets in Taiwan, the Philippines, and Hong Kong. [Tropic Trooper](https://attack.mitre.org/groups/G0081) focuses on targeting government, healthcare,…

First seen 01/01/1970 · Last seen 16/11/5138 ·
The Gentlemen uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
BladedFeline uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
SmartApeSG uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Earth Estries uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Qbot uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
TaxOff uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
TeamPCP uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Ghostwriter uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
RedCurl uses

The MITRE Corporation Confidence 100

[RedCurl](https://attack.mitre.org/groups/G1039) is a threat actor active since 2018 notable for corporate espionage targeting a variety of locations, including Ukraine, Canada and the United Kingdom, and a variety of…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Corlys uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
FIN8 uses Syssphinx

The MITRE Corporation Confidence 100

[FIN8](https://attack.mitre.org/groups/G0061) is a financially motivated threat group that has been active since at least January 2016, and known for targeting organizations in the hospitality, retail, entertainment, insurance, technology,…

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 5

1–12 of 51

COBEACON uses

Family
Shahmaran uses

Family
filecoauthx86.exe uses

Family
BianLian uses

Family
BlueLoader uses

Family
PsExec uses

Family
TorNet uses

Family
RemcosRAT uses

Family
PowerShell RAT uses

Family
Hi-Zor uses
Katz Stealer uses

Family
LummaC2 uses

Family

← Previous

Page / 7

25–36 of 77

Targets Education Sector with Oracle PeopleSoft Exploit related

AlienVault Confidence 100 1 CVE 20 MITREs 1 Malware 8 IOCs 8 Observables 1 APT
Targeted espionage against Cambodian government entities related

AlienVault Confidence 100 18 MITREs 3 Malwares 8 IOCs 8 Observables 1 APT
Technical Analysis of MLTBackdoor related

AlienVault Confidence 100 19 MITREs 1 Malware 34 IOCs 34 Observables
VerdantBamboo: Just Another BRICKSTORM in the Firewall related

19 MITREs 3 Malwares 32 Observables 1 APT
Threat landscape — Belgium related

Confidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
Threat landscape — insurance related

Confidence 100 199 MITREs 11 APTs
Latest PyPi Compromise related

AlienVault Confidence 100 20 MITREs 3 Malwares 9 IOCs 9 Observables 1 APT
TanStack npm Packages Compromised in Ongoing Supply-Chain Attack related

AlienVault Confidence 100 18 MITREs 3 Malwares 4 IOCs 4 Observables 1 APT
Analysis of Attack Activities Using SSH+TOR Tunnels to … related

AlienVault Confidence 100 20 MITREs 7 IOCs 7 Observables 1 APT
Attack Activity Analysis Using SSH+TOR Tunnels for Covert … related

19 MITREs 10 Observables 1 APT
Unmasking DPRK Cyber Threat Actors: Fake IT Worker … related

AlienVault Confidence 100 16 MITREs 3 IOCs 3 Observables 1 APT
The Gentlemen & SystemBC: A Sneak Peek Behind … related

46 MITREs 6 Malwares 27 Observables 1 APT

← Previous

Page / 5

1–12 of 50

Vulnerabilities (CVE) (27)

CVE-2023-23376

targets

CVE-2015-1548 targets

5.0 Medium

mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol …

Published: 10/02/2015
Modified: 07/05/2026

CWE-119

CVE-2026-21509 KEV targets

7.8 High

Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could …

Attack vector: LOCAL
Published: 26/01/2026
Modified: 27/03/2026

Analyzed

CVE-2019-16098 targets

7.8 High

The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, …

Attack vector: LOCAL
Published: 11/09/2019
Modified: 20/12/2025

CVE-2023-48788 KEV targets

9.8 Critical

Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.

Attack vector: Network
Published: 25/03/2024
Modified: 21/12/2025

CVE-2026-39987 KEV targets

9.3 Critical

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication …

Attack vector: Network
Complexity: Low
Published: 09/04/2026
Modified: 29/04/2026

CWE-306 Received

CVE-2024-30051 targets

7.8 High

Windows DWM Core Library Elevation of Privilege Vulnerability

Published: 14/05/2024
Modified: 14/05/2024

Awaiting Analysis

CVE-2019-0859 KEV targets

Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel …

Published: 03/11/2021
Modified: 29/05/2026

CVE-2022-3236 KEV targets

9.8 Critical

A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.

Attack vector: Network
Published: 23/09/2022
Modified: 27/05/2026

CVE-2024-21887 KEV targets

9.1 Critical

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …

Attack vector: Network
Published: 10/01/2024
Modified: 27/05/2026

CVE-2025-12480 KEV targets

9.1 Critical

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after …

Attack vector: Network
Published: 12/11/2025
Modified: 21/12/2025

Analyzed

CVE-2025-3248 targets

9.8 Critical

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted …

Published: 07/04/2025
Modified: 07/04/2025

Received

← Previous

Page / 3

1–12 of 27

T1573 subtechnique-of

Encrypted Channel MITRE

Tool (2)

Sliver uses

The MITRE Corporation Confidence 100

[Sliver](https://attack.mitre.org/software/S0633) is an open source, cross-platform, red team command and control (C2) framework written in Golang. [Sliver](https://attack.mitre.org/software/S0633) includes its own package manager, "armory," for staging and downloading additional…
Remcos uses

The MITRE Corporation Confidence 100

[Remcos](https://attack.mitre.org/software/S0332) is a closed-source tool that is marketed as a remote control and surveillance software by a company called Breaking Security. [Remcos](https://attack.mitre.org/software/S0332) has been observed being used in…

Course Of Action (1)

SSL/TLS Inspection mitigates

Campaign (1)

C0021 uses

Contact About Legal notice Privacy policy Terms of use