Home/ MITRE Matrix/ Command and Control/ T1573.002

T1573.002Asymmetric Cryptography

T1573.002 — Asymmetric Cryptography is a MITRE ATT&CK technique in the Command and Control tactic. Clankerusecase tracks 9 detection use cases covering it and 7 threat-intel articles citing it.

Command and Control

View on the matrix → Filter Detection Library MITRE official spec ↗

9Use cases

7Articles

0Sub-techniques

1Tactic

↑ Parent technique: T1573 · Encrypted Channel

Use cases covering this technique (9)

Cisco Secure Firewall - Blacklisted SSL Certificate Fingerprint ESCU actions · alerting P Cisco Secure Firewall - High EVE Threat Confidence ESCU actions · hunting P Cisco Secure Firewall - Intrusion Events by Threat Activity ESCU actions · hunting P Cisco Secure Firewall - Lumma Stealer Download Attempt ESCU actions · hunting P Cisco Secure Firewall - Lumma Stealer Outbound Connection Attempt ESCU actions · hunting P [LLM] AdaptixC2 'shadowcore' / Mythic C2 traffic to UAT-8616 infrastructure 194.163.175.135 Bespoke c2 · hunting DSΣPDDCS [LLM] TeamPCP C2 / exfil egress to models.litellm.cloud, checkmarx.zone and AS205759 nodes Bespoke c2 · hunting DSΣPDDCS [LLM] Outbound DNS/HTTPS to TeamPCP exfil domain models.litellm.cloud (litellm PyPI compromise) Bespoke c2 · alerting DSΣPDDCS [LLM] PlugX C2 egress — connections to decoraat.net / decoorat.net / gesecole.net Bespoke c2 · alerting DSΣPDDCS

Articles citing this technique (7)

crit Webworm: New burrowing techniques art-240

crit Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities art-302

high You Patched LiteLLM, But Do You Know Your AI Blast Radius? art-414

crit litellm: Credential Stealer Hidden in PyPI Wheel art-423

crit Sednit reloaded: Back in the trenches art-477

crit PlugX Meeting Invitation via MSBuild and GDATA art-503

crit LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan art-642