Home
ATT&CK Techniques
T1052.001 Exfiltration over USB

T1052.001 Exfiltration over USB Mappings

Adversaries may attempt to exfiltrate data over a USB connected physical device. In certain circumstances, such as an air-gapped network compromise, exfiltration could occur via a USB device introduced by a user. The USB device could be used as the final exfiltration point or to hop between otherwise disconnected systems.

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
action.malware.variety.Export data	Export data to another site or system	related-to	T1052.001	Exfiltration Over Physical Medium: Exfiltration over USB
attribute.confidentiality.data_disclosure	None	related-to	T1052.001	Exfiltration Over Physical Medium: Exfiltration over USB