The adversary is trying to steal data. Exfiltration consists of techniques that adversaries may use to steal data from your network. Once they’ve collected data, adversaries often package it to avoid detection while removing it. This can include compression and encryption. Techniques for getting data out of a target network typically include transferring it over their command and control channel or an alternate channel and may also include putting size limits on the transmission.

Technique ID | Technique Name | Number of Mappings | Number of Subtechniques |
---|---|---|---|
T1567 | Exfiltration Over Web Service | 28 | 4 |
T1029 | Scheduled Transfer | 14 | 0 |
T1011 | Exfiltration Over Other Network Medium | 11 | 1 |
T1020 | Automated Exfiltration | 11 | 1 |
T1041 | Exfiltration Over C2 Channel | 35 | 0 |
T1048 | Exfiltration Over Alternative Protocol | 52 | 3 |
T1030 | Data Transfer Size Limits | 15 | 0 |
T1537 | Transfer Data to Cloud Account | 37 | 0 |
T1052 | Exfiltration Over Physical Medium | 27 | 1 |