Common Information
Type | Value |
---|---|
Value | Remote Data Staging - T1074.002 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may stage data collected from multiple systems in a central location or directory on one system prior to Exfiltration. Data may be kept in separate files or combined into one file through techniques such as [Archive Collected Data](https://attack.mitre.org/techniques/T1560). Interactive command shells may be used, and common functionality within [cmd](https://attack.mitre.org/software/S0106) and bash may be used to copy data into a staging location. In cloud environments, adversaries may stage data within a particular instance or virtual machine before exfiltration. An adversary may [Create Cloud Instance](https://attack.mitre.org/techniques/T1578/002) and stage data in that instance.(Citation: Mandiant M-Trends 2020) By staging data on one system prior to Exfiltration, adversaries can minimize the number of connections made to their C2 server and better evade detection. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-08-12 | 27 | You Don't Know the HAFNIUM of it... | ||
Details | Website | 2024-05-06 | 2 | Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 1 | ||
Details | Website | 2023-12-06 | 198 | Russia/Ukraine Update - December 2023 | ||
Details | Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023 | ||
Details | Website | 2022-10-18 | 38 | APT27 - One Year To Exfiltrate Them All: Intrusion In-Depth Analysis | ||
Details | Website | 2022-10-07 | 36 | CISA Alert AA22-277A - Impacket and CovalentStealer Used to Steal Sensitive Data | ||
Details | Website | 2022-10-04 | 34 | Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization | CISA | ||
Details | Website | 2022-09-30 | 98 | A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion | ||
Details | Website | 2022-06-10 | 76 | Threat Attribution — Chimera “Under the Radar” | ||
Details | Website | 2022-02-23 | 314 | (Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware | Mandiant | ||
Details | Website | 2021-10-04 | 173 | BazarLoader and the Conti Leaks | ||
Details | Website | 2021-03-11 | 27 | You Don't Know the HAFNIUM of it... | ||
Details | Website | 2021-03-03 | 28 | Detecting HAFNIUM Exchange Server Zero-Day Activity in Splunk | ||
Details | Website | 2021-01-12 | 216 | Abusing cloud services to fly under the radar | ||
Details | Website | 2021-01-12 | 215 | Abusing cloud services to fly under the radar | ||
Details | Website | 2020-08-17 | 30 | WellMess malware: analysis of its Command and Control (C2) server |