T1041 Exfiltration Over C2 Channel Mappings

Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-16 Security and Privacy Attributes Protects T1041 Exfiltration Over C2 Channel
AC-2 Account Management Protects T1041 Exfiltration Over C2 Channel
AC-20 Use of External Systems Protects T1041 Exfiltration Over C2 Channel
AC-23 Data Mining Protection Protects T1041 Exfiltration Over C2 Channel
AC-3 Access Enforcement Protects T1041 Exfiltration Over C2 Channel
AC-4 Information Flow Enforcement Protects T1041 Exfiltration Over C2 Channel
AC-6 Least Privilege Protects T1041 Exfiltration Over C2 Channel
CA-3 Information Exchange Protects T1041 Exfiltration Over C2 Channel
CA-7 Continuous Monitoring Protects T1041 Exfiltration Over C2 Channel
SA-8 Security and Privacy Engineering Principles Protects T1041 Exfiltration Over C2 Channel
SA-9 External System Services Protects T1041 Exfiltration Over C2 Channel
SC-13 Cryptographic Protection Protects T1041 Exfiltration Over C2 Channel
SC-28 Protection of Information at Rest Protects T1041 Exfiltration Over C2 Channel
SC-31 Covert Channel Analysis Protects T1041 Exfiltration Over C2 Channel
SC-7 Boundary Protection Protects T1041 Exfiltration Over C2 Channel
SI-3 Malicious Code Protection Protects T1041 Exfiltration Over C2 Channel
SI-4 System Monitoring Protects T1041 Exfiltration Over C2 Channel
SR-4 Provenance Protects T1041 Exfiltration Over C2 Channel
action.malware.variety.Export data Export data to another site or system related-to T1041 Exfiltration Over C2 Channels
attribute.confidentiality.data_disclosure related-to T1041 Exfiltration Over C2 Channels