Įlise exfiltrates data using cookie values that are Base64-encoded. Įbury has encoded C2 traffic in hexadecimal format. ĭown_new has the ability to base64 encode C2 communications. ĭnsSystem can Base64 encode data sent to C2. ĭenis encodes the data sent to the server in Base64. ĭaserf uses custom base64 encoding to obfuscate HTTP traffic. ĭarkWatchman encodes data using hexadecimal representation before sending it to the C2 server. ĬreepySnail can use Base64 to encode its C2 traffic. ĬORESHELL C2 messages are Base64-encoded. Ĭobian RAT obfuscates communications with the C2 server using Base64 encoding. Ĭobalt Strike can use Base64, URL-safe Base64, or NetBIOS encoding in its C2 traffic. ĬhChes can encode C2 data with a custom technique that utilizes Base64. ĬharmPower can send additional modules over C2 encoded with base64. Ĭhaes has used Base64 to encode C2 communications. Ĭarbanak encodes the message body of HTTP traffic with Base64.
īumblebee has the ability to base64 encode C2 server responses. īS2005 uses Base64 encoding for communication in the message body of an HTTP request.
Several BRONZE BUTLER tools encode data with base64 when posting it to a C2 server. īLINDINGCAN has encoded its C2 traffic with Base64. īisonal has encoded binary data with Base64 and ASCII. Some Backdoor.Oldrea samples use standard Base64 + bzip2, and some use standard Base64 + reverse XOR + RSA-2048 to decrypt data received from C2 servers. īabyShark has encoded data using certutil before exfiltration. ĪutoIt backdoor has sent a C2 response that was base64-encoded. Īstaroth encodes data using Base64 before sending it to the C2 server. ĪPT33 has used base64 to encode command and control traffic. Īn APT19 HTTP malware variant used Base64 to encode communications to the C2 server. C2 traffic from ADVSTORESHELL is encrypted, then encoded with Base64 encoding.
0 kommentar(er)
