T1573.001 - Symmetric Cryptography - MITRE ATT&CK

T1573.001 - Symmetric Cryptography

Sub-technique

Tactics:
Command and Control

Platforms:
ESXi Linux macOS Network Devices +1

Detection:
Not specified

Description:

Adversaries may employ a known symmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Symmetric encryption algorithms use the same key for plaintext encryption and ciphertext decryption. Common symmetric encryption algorithms include AES, DES, 3DES, Blowfish, and RC4.

Used by Actors (14)

DarkHotel
Nation-state

APT33
Nation-state

APT28
Nation-state

Lazarus Group
Nation-state

Stealth Falcon
Nation-state

MuddyWater
Nation-state

MUSTANG PANDA
Nation-state

Higaisa
Nation-state

Volt Typhoon
Unknown

Inception
Unknown

BRONZE BUTLER
Unknown

RedCurl
Unknown

Contagious Interview
Unknown

ZIRCONIUM
Unknown

Malware (20)

TrickBot other BLINDINGCAN other Ninja other Pikabot other Bumblebee other Torisma other Stuxnet other Downdelph other RotaJakiro other Sardonic other Emissary other KEYMARBLE other TAMECAT other CASTLETAP other RedLeaves other Felismus other Havoc other xCaon other PLAINTEE other Nebulae other

Metadata

MITRE ID:	T1573.001
STIX ID:	attack-pattern--24bfaeba-cb0d-...
Platforms:	ESXi, Linux, macOS, Network Devices, Windows
Created:	13/01/2026 17:48
Updated:	07/03/2026 16:00