T1132.002 - Non-Standard Encoding - MITRE ATT&CK

T1132.002 - Non-Standard Encoding

Sub-technique

Tactics:
Command and Control

Platforms:
ESXi Linux macOS Windows

Detection:
Not specified

Description:

Adversaries may encode data with a non-standard data encoding system to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a non-standard data encoding system that diverges from existing protocol specifications. Non-standard data encoding schemes may be based on or related to standard data encoding schemes, such as a modified Base64 encoding for the message body of an HTTP request.(Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding)

Malware (16)

Ninja other Bankshot other TONESHELL other OceanSalt other InvisiMole other RDAT other CHIMNEYSWEEP other Uroburos other NightClub other Cyclops Blink other Neo-reGeorg other PowGoop other ShadowPad other Lizar other BACKSPACE other Small Sieve other

Metadata

MITRE ID:	T1132.002
STIX ID:	attack-pattern--d467bc38-284b-...
Platforms:	ESXi, Linux, macOS, Windows
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00