This is a list of the attack techniques (Techniques) associated with the tactic "Exfiltration".

| Technique ID | Name | Description |
|---|---|---|
| T1002 | Data Compressed | An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration in order to make it p… |
| T1011 | Exfiltration Over Other Network Medium | Adversaries may attempt to exfiltrate data over a different network medium than the command and control channel. If the … |
| T1011.001 | Exfiltration Over Bluetooth | Adversaries may attempt to exfiltrate data over Bluetooth rather than the command and control channel. If the command an… |
| T1020 | Automated Exfiltration | Adversaries may exfiltrate data, such as sensitive documents, through the use of automated processing after being gather… |
| T1020.001 | Traffic Duplication | Adversaries may leverage traffic mirroring in order to automate data exfiltration over compromised infrastructure. Traff… |
| T1022 | Data Encrypted | Data is encrypted before being exfiltrated in order to hide the information that is being exfiltrated from detection or … |
| T1029 | Scheduled Transfer | Adversaries may schedule data exfiltration to be performed only at certain times of day or at certain intervals. This co… |
| T1030 | Data Transfer Size Limits | An adversary may exfiltrate data in fixed size chunks instead of whole files or limit packet sizes below certain thresho… |
| T1041 | Exfiltration Over C2 Channel | Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into … |
| T1048 | Exfiltration Over Alternative Protocol | Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control ch… |
| T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Adversaries may steal data by exfiltrating it over a symmetrically encrypted network protocol other than that of the exi… |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Adversaries may steal data by exfiltrating it over an asymmetrically encrypted network protocol other than that of the e… |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing comm… |
| T1052 | Exfiltration Over Physical Medium | Adversaries may attempt to exfiltrate data via a physical medium, such as a removable drive. In certain circumstances, s… |
| T1052.001 | Exfiltration over USB | Adversaries may attempt to exfiltrate data over a USB connected physical device. In certain circumstances, such as an ai… |
| T1537 | Transfer Data to Cloud Account | Adversaries may exfiltrate data by transferring the data, including through sharing/syncing and creating backups of clou… |
| T1567 | Exfiltration Over Web Service | Adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command an… |
| T1567.001 | Exfiltration to Code Repository | Adversaries may exfiltrate data to a code repository rather than over their primary command and control channel. Code re… |
| T1567.002 | Exfiltration to Cloud Storage | Adversaries may exfiltrate data to a cloud storage service rather than over their primary command and control channel. C… |
| T1567.003 | Exfiltration to Text Storage Sites | Adversaries may exfiltrate data to text storage sites instead of their primary command and control channel. Text storage… |
| T1567.004 | Exfiltration Over Webhook | Adversaries may exfiltrate data to a webhook endpoint rather than over their primary command and control channel. Webhoo… |