An adversary may exfiltrate data in fixed size chunks instead of whole files or limit packet sizes below certain thresholds. This approach may be used to avoid triggering network data transfer threshold alerts.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CA-07 | Continuous Monitoring | mitigates | T1030 | Data Transfer Size Limits | |
| CM-06 | Configuration Settings | mitigates | T1030 | Data Transfer Size Limits | |
| SI-03 | Malicious Code Protection | mitigates | T1030 | Data Transfer Size Limits | |
| CM-02 | Baseline Configuration | mitigates | T1030 | Data Transfer Size Limits | |
| SI-04 | System Monitoring | mitigates | T1030 | Data Transfer Size Limits | |
| AC-04 | Information Flow Enforcement | mitigates | T1030 | Data Transfer Size Limits | |
| SC-07 | Boundary Protection | mitigates | T1030 | Data Transfer Size Limits |
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| action.malware.variety.Export data | Export data to another site or system | related-to | T1030 | Data Transfer Size Limits | |
| attribute.confidentiality.data_disclosure | None | related-to | T1030 | Data Transfer Size Limits |