T1001.002 - Steganography - MITRE ATT&CK - Cyber Threat Intelligence

T1001.002 - Steganography

Sub-technique

Tactics:
Command and Control

Platforms:
Linux macOS Windows ESXi

Detection:
Not specified

Description:

Adversaries may use steganographic techniques to hide command and control traffic to make detection efforts more difficult. Steganographic techniques can be used to hide data in digital messages that are transferred between systems. This hidden information can be used for command and control of compromised systems. In some cases, the passing of files embedded using steganography, such as image or document files, can be used for command and control.

Used by Actors (1)

Axiom
Unknown

Malware (11)

HAMMERTOSS other ZeroT other RDAT other Duqu other LightNeuron other LunarMail other SUNBURST other Daserf other LunarWeb other Zox other Sliver tool

Metadata

MITRE ID:	T1001.002
STIX ID:	attack-pattern--eec23884-3fa1-...
Platforms:	Linux, macOS, Windows, ESXi
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00