T1029 Scheduled Transfer Mappings

Adversaries may schedule data exfiltration to be performed only at certain times of day or at certain intervals. This could be done to blend traffic patterns with normal activity or availability.

When scheduled exfiltration is used, other exfiltration techniques likely apply as well to transfer the information out of the network, such as Exfiltration Over C2 Channel or Exfiltration Over Alternative Protocol.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-4 Information Flow Enforcement Protects T1029 Scheduled Transfer
CA-7 Continuous Monitoring Protects T1029 Scheduled Transfer
CM-2 Baseline Configuration Protects T1029 Scheduled Transfer
CM-6 Configuration Settings Protects T1029 Scheduled Transfer
SC-7 Boundary Protection Protects T1029 Scheduled Transfer
SI-3 Malicious Code Protection Protects T1029 Scheduled Transfer
SI-4 System Monitoring Protects T1029 Scheduled Transfer
action.malware.variety.Export data Export data to another site or system related-to T1029 Scheduled Transfer
amazon_guardduty Amazon GuardDuty technique_scores T1029 Scheduled Transfer