T1567.001 Exfiltration to Code Repository Mappings

Adversaries may exfiltrate data to a code repository rather than over their primary command and control channel. Code repositories are often accessible via an API (ex: https://api.github.com). Access to these APIs are often over HTTPS, which gives the adversary an additional level of protection.

Exfiltration to a code repository can also provide a significant amount of cover to the adversary if it is a popular service already used by hosts within the network.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-20 Use of External Systems Protects T1567.001 Exfiltration to Code Repository
AC-04 Information Flow Enforcement Protects T1567.001 Exfiltration to Code Repository
SC-07 Boundary Protection Protects T1567.001 Exfiltration to Code Repository