T1052.001 Exfiltration over USB Mappings

Adversaries may attempt to exfiltrate data over a USB connected physical device. In certain circumstances, such as an air-gapped network compromise, exfiltration could occur via a USB device introduced by a user. The USB device could be used as the final exfiltration point or to hop between otherwise disconnected systems.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-3 Access Enforcement Protects T1052.001 Exfiltration over USB
AC-6 Least Privilege Protects T1052.001 Exfiltration over USB
CM-2 Baseline Configuration Protects T1052.001 Exfiltration over USB
CM-6 Configuration Settings Protects T1052.001 Exfiltration over USB
CM-8 System Component Inventory Protects T1052.001 Exfiltration over USB
MP-7 Media Use Protects T1052.001 Exfiltration over USB
RA-5 Vulnerability Monitoring and Scanning Protects T1052.001 Exfiltration over USB
SC-41 Port and I/O Device Access Protects T1052.001 Exfiltration over USB
SI-3 Malicious Code Protection Protects T1052.001 Exfiltration over USB
SI-4 System Monitoring Protects T1052.001 Exfiltration over USB