MITRE ATT&CK Technique
Command and Control
T1008
Description
Adversaries may use fallback or alternate communication channels if the primary channel is compromised or inaccessible in order to maintain reliable command and control and to avoid data transfer thresholds.
Supported Platforms
Linux
Windows
macOS
ESXi
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2017-05-31T21:30:21.689Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': 'Adversaries may use fallback or alternate communication '
'channels if the primary channel is compromised or '
'inaccessible in order to maintain reliable command and '
'control and to avoid data transfer thresholds.',
'external_references': [{'external_id': 'T1008',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1008'},
{'description': 'Gardiner, J., Cova, M., Nagaraja, '
'S. (2014, February). Command & '
'Control Understanding, Denying and '
'Detecting. Retrieved April 20, 2016.',
'source_name': 'University of Birmingham C2',
'url': 'https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf'}],
'id': 'attack-pattern--f24faf46-3b26-4dbb-98f2-63460498e433',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'command-and-control'}],
'modified': '2025-10-24T17:49:35.854Z',
'name': 'Fallback Channels',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': False,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['Linux', 'Windows', 'macOS', 'ESXi'],
'x_mitre_version': '1.1'}