Common Information
| Type | Value |
|---|---|
| Value |
Exfiltration Over Alternative Protocol - T1048 |
| Category | Attack-Pattern |
| Type | Mitre-Enterprise-Attack-Attack-Pattern |
| Misp Type | Cluster |
| Description | Data exfiltration is performed with a different protocol from the main command and control protocol or channel. The data is likely to be sent to an alternate network location from the main command and control server. Alternate protocols include FTP, SMTP, HTTP/S, DNS, or some other network protocol. Different channels could include Internet Web services such as cloud storage. Detection: Analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server). Processes utilizing the network that do not normally have network communication or have never been seen before are suspicious. Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used. (Citation: University of Birmingham C2) Platforms: Linux, macOS, Windows Data Sources: User interface, Process monitoring, Process use of network, Packet capture, Netflow/Enclave netflow, Network protocol analysis Requires Network: Yes |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-11-04 | 57 | Threat Intelligence Report October 29 - November 4 2024 | Red Piranha | ||
| Details | Website | 2024-10-30 | 154 | Крысиный король: как Android-троян CraxsRAT ворует данные пользователей | Блог F.A.C.C.T. | ||
| Details | Website | 2024-10-24 | 79 | Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN - Arctic Wolf | ||
| Details | Website | 2024-10-24 | 16 | Talos IR trends Q3 2024: Identity-based operations loom large | ||
| Details | Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples | ||
| Details | Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples - Zimperium | ||
| Details | Website | 2024-10-10 | 182 | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | CTF导航 | ||
| Details | Website | 2024-10-07 | 141 | Mind the (air) gap: GoldenJackal gooses government guardrails | ||
| Details | Website | 2024-09-30 | 174 | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | ||
| Details | Website | 2024-09-27 | 58 | OSINT Investigation: Hunting Malicious Infrastructure Linked to Transparent Tribe - CYFIRMA | ||
| Details | Website | 2024-09-25 | 24 | Zero Trust Protections - Illustrated | ||
| Details | Website | 2024-09-16 | 13 | The Dark Lord of Cybersecurity | ||
| Details | Website | 2024-09-13 | 35 | Stealthy Fileless Attack Targets Attendees Of Upcoming US-Taiwan Defense Industry Event | ||
| Details | Website | 2024-09-13 | 35 | Stealthy Fileless Attack Targets Attendees Of Upcoming US-Taiwan Defense Industry Event | ||
| Details | Website | 2024-09-12 | 13 | Emulating the Persistent and Stealthy Ebury Linux Malware | ||
| Details | Website | 2024-09-09 | 41 | Earth Preta Evolves its Attacks with New Malware and Strategies | ||
| Details | Website | 2024-09-09 | 41 | Earth Preta Evolves its Attacks with New Malware and Strategies | ||
| Details | Website | 2024-08-30 | 24 | Emulating the Extortionist Mallox Ransomware | ||
| Details | Website | 2024-08-29 | 269 | #StopRansomware: RansomHub Ransomware | CISA | ||
| Details | Website | 2024-08-01 | 34 | BlankBot - a new Android banking trojan with screen recording,… | ||
| Details | Website | 2024-07-25 | 59 | How APT groups operate in Southeast Asia | ||
| Details | Website | 2024-06-05 | 26 | TargetCompany’s Linux Variant Targets ESXi Environments | ||
| Details | Website | 2024-06-05 | 25 | TargetCompany’s Linux Variant Targets ESXi Environments | ||
| Details | Website | 2024-04-01 | 124 | From OneNote to RansomNote: An Ice Cold Intrusion | ||
| Details | Website | 2024-01-04 | 63 | ATT&CK을 이용해 스스로 평가하기(APT3, Second Scenario) |