Home
ATT&CK Techniques
T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol

T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol Mappings

Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server.

Adversaries may opt to obfuscate this data, without the use of encryption, within network protocols that are natively unencrypted (such as HTTP, FTP, or DNS). This may include custom or publicly available encoding/compression algorithms (such as base64) as well as embedding data within protocol headers and fields.

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
AC-16	Security and Privacy Attributes	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-2	Account Management	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-20	Use of External Systems	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-23	Data Mining Protection	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-3	Access Enforcement	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-4	Information Flow Enforcement	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-6	Least Privilege	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
CA-3	Information Exchange	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
CA-7	Continuous Monitoring	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
CM-2	Baseline Configuration	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
CM-6	Configuration Settings	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
CM-7	Least Functionality	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SA-8	Security and Privacy Engineering Principles	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SA-9	External System Services	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SC-13	Cryptographic Protection	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SC-28	Protection of Information at Rest	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SC-31	Covert Channel Analysis	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SC-46	Cross Domain Policy Enforcement	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SC-7	Boundary Protection	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SI-10	Information Input Validation	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SI-15	Information Output Filtering	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SI-3	Malicious Code Protection	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SI-4	System Monitoring	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SR-4	Provenance	Protects	T1048.003	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
action.malware.variety.Export data	Export data to another site or system	related-to	T1048.003	Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protcol
attribute.confidentiality.data_disclosure		related-to	T1048.003	Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protcol