T1567.003 Exfiltration to Text Storage Sites Mappings

Adversaries may exfiltrate data to text storage sites instead of their primary command and control channel. Text storage sites, such as <code>pastebin[.]com</code>, are commonly used by developers to share code and other information.

Text storage sites are often used to host malicious code for C2 communication (e.g., Stage Capabilities), but adversaries may also use these sites to exfiltrate collected data. Furthermore, paid features and encryption options may allow adversaries to conceal and store data more securely.(Citation: Pastebin EchoSec)

Note: This is distinct from Exfiltration to Code Repository, which highlight access to code repositories via APIs.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SC-07 Boundary Protection Protects T1567.003 Exfiltration to Text Storage Sites
AC-17 Remote Access Protects T1567.003 Exfiltration to Text Storage Sites
AC-04 Information Flow Enforcement Protects T1567.003 Exfiltration to Text Storage Sites