T1573.001 — Symmetric Cryptography

coverage gap

Technique

T1573.001

Tactics

Command and Control

MISP citations

0

KEV CVEs mapped

3

Community rules

0

thrunt rules

0

Upstream

https://attack.mitre.org/techniques/T1573/001

MITRE description

Adversaries may employ a known symmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Symmetric encryption algorithms use the same key for plaintext encryption and ciphertext decryption. Common symmetric encryption algorithms include AES, DES, 3DES, Blowfish, and RC4.

KEV CVEs mapped to this technique

Per MITRE CTID's hand-curated KEV→ATT&CK mappings — these are the actively-exploited vulnerabilities behind this technique's KEV signal.

• CVE-2021-44077
• CVE-2021-40539
• CVE-2021-40449

Detection coverage

No detection coverage exists for this technique — no SigmaHQ community rule carries its tag and thrunt has not authored one yet. Techniques on this list are exactly where hand-authoring effort goes next; see the rollup for the full queue.

Signal counts reflect the current corpus snapshot: MISP citations are regex-extracted from CIRCL OSINT event text and galaxy tags; KEV mappings come from MITRE CTID; community coverage is the SigmaHQ rule inventory (core, emerging-threats, threat-hunting collections) at release —. Rule bodies are not mirrored — links go upstream.