T1020 Automated Exfiltration Mappings

Adversaries may exfiltrate data, such as sensitive documents, through the use of automated processing after being gathered during Collection.

When automated exfiltration is used, other exfiltration techniques likely apply as well to transfer the information out of the network, such as Exfiltration Over C2 Channel and Exfiltration Over Alternative Protocol.



Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
action.malware.variety.Export data Export data to another site or system related-to T1020 Automated Exfiltration
aws_config AWS Config technique_scores T1020 Automated Exfiltration
amazon_guardduty Amazon GuardDuty technique_scores T1020 Automated Exfiltration
aws_iot_device_defender AWS IoT Device Defender technique_scores T1020 Automated Exfiltration

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1020.001 Traffic Duplication 15