T1001 - Data Obfuscation

Tactics:
Command and Control
Platforms:
ESXi, Linux, macOS, Windows
Detection:
Not specified
Description:
Adversaries may obfuscate command and control traffic to make it more difficult to detect. (Citation: Bitdefender FunnyDream Campaign November 2020) Command and control (C2) communications are hidden (but not necessarily encrypted) to make the content harder to discover or decipher, to make the communication less conspicuous, and to keep commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Sub-techniques (3)
ID ATT&CK Actions
T1001.001 Junk Data
T1001.002 Steganography
T1001.003 Protocol or Service Impersonation
Used by Actors (1)
Metadata
MITRE ID: T1001
STIX ID: attack-pattern--ad255bfe-a9e6-...
Platforms: ESXi, Linux, macOS, Windows
Created: 13/01/2026 17:48
Updated: 21/04/2026 16:00