T1001.001 - Junk Data - MITRE ATT&CK - Cyber Threat Intelligence

T1001.001 - Junk Data

Sub-technique

Tactics:
Command and Control

Platforms:
ESXi Linux macOS Windows

Detection:
Not specified

Description:

Adversaries may add junk data to protocols used for command and control to make detection more difficult.(Citation: FireEye SUNBURST Backdoor December 2020) By adding random or meaningless data to the protocols used for command and control, adversaries can prevent trivial methods for decoding, deciphering, or otherwise analyzing the traffic. Examples may include appending/prepending data with junk characters or writing junk characters between significant characters.

Used by Actors (1)

APT28
Nation-state

Malware (16)

Downdelph other UPSTYLE other Turian other WellMess other GoldMax other BeaverTail other P8RAT other Mori other BendyBear other Uroburos other SUNBURST other P2P ZeuS other PLEAD other TrailBlazer other GrimAgent other Kevin other

Metadata

MITRE ID:	T1001.001
STIX ID:	attack-pattern--f7c0689c-4dbd-...
Platforms:	ESXi, Linux, macOS, Windows
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00