T1041 Exfiltration Over C2 Channel Mappings

Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.



| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-4 | Information Flow Enforcement | Protects | T1041 | Exfiltration Over C2 Channel |
| CA-7 | Continuous Monitoring | Protects | T1041 | Exfiltration Over C2 Channel |
| SC-7 | Boundary Protection | Protects | T1041 | Exfiltration Over C2 Channel |
| SI-3 | Malicious Code Protection | Protects | T1041 | Exfiltration Over C2 Channel |
| SI-4 | System Monitoring | Protects | T1041 | Exfiltration Over C2 Channel |
| action.malware.variety.Export data | Export data to another site or system | related-to | T1041 | Exfiltration Over C2 Channel |
| amazon_guardduty | Amazon GuardDuty | technique_scores | T1041 | Exfiltration Over C2 Channel |
| aws_iot_device_defender | AWS IoT Device Defender | technique_scores | T1041 | Exfiltration Over C2 Channel |
| aws_network_firewall | AWS Network Firewall | technique_scores | T1041 | Exfiltration Over C2 Channel |