Encoding is the process of putting a sequence of characters (letters, numbers, punctuation, and certain symbols) into a specialized format for efficient transmission or storage.

Attackers may use encoding to obfuscate the data being transferred to thwart security controls from reading/interpreting the data in transit.

Common types

• XOR
• Base64
• ROT13

Malware/Threat actors

Name	Type	Years	Source
NetTraveler
Dukes	ThreatActor	2008-2015	dukes_whitepaper.pdf
Poison Ivy	malware	2005-2013	fireeye-poison-ivy-report.pdf
ZxShell	malware	2004-2014	</a>
DragonFly	threat actor	2011-2014	Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf
Lazarus Group	threat actor	2011-2014	Operation-Blockbuster-Report.pdf Operation-Blockbuster-RAT-and-Staging-Report.pdf Operation-Blockbuster-Loaders-Installers-and-Uninstallers-Report.pdf Operation-Blockbuster-Destructive-Malware-Report.pdf
CARBANAK	threat actor	2017	paper_the-shadows-of-ghosts-carbanak-report.pdf stamp.jsp?tp=&arnumber=7460498&tag=1

Preventions

<Mitigation techniques>

Detections

<Detection techniques>

Toolkit

<Toolkit instructions, if applicable>

Similar techniques

• Anonymous services
• Public services
• Encryption
• Custom protocol
• Custom obfuscation
• Compression

References

• encoding and decoding