Traffic Signaling (T1205)

Associated Tactics

  • Defense Evasion
  • Persistence
  • Command And Control

Defense Evasion (TA0005)

The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

Procedure Examples

Description | Source(s)
Abrams, L. (2021, January 14). Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices. Retrieved February 11, 2021. | Bleeping Computer - Ryuk WoL
AMD. (1995, November 1). Magic Packet Technical White Paper. Retrieved February 17, 2021. | AMD Magic Packet
Bill Hau, Tony Lee, Josh Homan. (2015, September 15). SYNful Knock - A Cisco router implant - Part I. Retrieved October 19, 2020. | Mandiant - Synful Knock
Graham Holmes. (2015, October 8). Evolution of attacks on Cisco IOS devices. Retrieved October 19, 2020. | Cisco Synful Knock Evolution
Hartrell, Greg. (2002, August). Get a handle on cd00r: The invisible backdoor. Retrieved October 13, 2018. | Hartrell cd00r 2002
Omar Santos. (2020, October 19). Attackers Continue to Target Legacy Devices. Retrieved October 20, 2020. | Cisco Blog Legacy Device Attacks
Perry, David. (2020, August 11). WakeOnLAN (WOL). Retrieved February 17, 2021. | GitLab WakeOnLAN