T1011 Exfiltration Over Other Network Medium Mappings

Adversaries may attempt to exfiltrate data over a different network medium than the command and control channel. If the command and control network is a wired Internet connection, the exfiltration may occur, for example, over a WiFi connection, modem, cellular data connection, Bluetooth, or another radio frequency (RF) channel.

Adversaries may choose to do this if they have sufficient access or proximity, and the connection might not be secured or defended as well as the primary Internet-connected channel because it is not routed through the same enterprise network

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-18 Wireless Access Protects T1011 Exfiltration Over Other Network Medium
CM-6 Configuration Settings Protects T1011 Exfiltration Over Other Network Medium
CM-7 Least Functionality Protects T1011 Exfiltration Over Other Network Medium
SI-4 System Monitoring Protects T1011 Exfiltration Over Other Network Medium
action.malware.variety.Export data Export data to another site or system related-to T1011 Exfiltration Over Other Network Medium

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1011.001 Exfiltration Over Bluetooth 9