Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1041 | Exfiltration Over C2 Channel | |
| attribute.confidentiality.data_disclosure | Confirmed or potential data disclosure | related-to | T1041 | Exfiltration Over C2 Channel |