T1011.001 Exfiltration Over Bluetooth Mappings

Adversaries may attempt to exfiltrate data over Bluetooth rather than the command and control channel. If the command and control network is a wired Internet connection, an adversary may opt to exfiltrate data using a Bluetooth communication channel.

Adversaries may choose to do this if they have sufficient access and proximity. Bluetooth connections might not be secured or defended as well as the primary Internet-connected channel because it is not routed through the same enterprise network.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-18 Wireless Access Protects T1011.001 Exfiltration Over Bluetooth
CM-02 Baseline Configuration Protects T1011.001 Exfiltration Over Bluetooth
CM-06 Configuration Settings Protects T1011.001 Exfiltration Over Bluetooth
CM-07 Least Functionality Protects T1011.001 Exfiltration Over Bluetooth
CM-08 System Component Inventory Protects T1011.001 Exfiltration Over Bluetooth
RA-05 Vulnerability Monitoring and Scanning Protects T1011.001 Exfiltration Over Bluetooth
SI-03 Malicious Code Protection Protects T1011.001 Exfiltration Over Bluetooth
SI-04 System Monitoring Protects T1011.001 Exfiltration Over Bluetooth