Common Information
| Type | Value |
|---|---|
| Value | Exfiltration Over Alternative Protocol - T1048 |
| Category | Attack-Pattern |
| Type | Mitre-Enterprise-Attack-Attack-Pattern |
| Misp Type | Cluster |
| Description | Data exfiltration is performed with a different protocol from the main command and control protocol or channel. The data is likely to be sent to an alternate network location from the main command and control server. Alternate protocols include FTP, SMTP, HTTP/S, DNS, or some other network protocol. Different channels could include Internet Web services such as cloud storage. Detection: Analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server). Processes utilizing the network that do not normally have network communication or have never been seen before are suspicious. Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used. (Citation: University of Birmingham C2) Platforms: Linux, macOS, Windows. Data Sources: User interface, Process monitoring, Process use of network, Packet capture, Netflow/Enclave netflow, Network protocol analysis. Requires Network: Yes |
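The detection guidance in the description names two network-level checks: outbound-heavy flows (a client sending far more than it receives) and traffic that does not match the protocol expected on the destination port. The following is an added example, not code from MISP or MITRE ATT&CK, that runs both checks over constructed flow records. The `Flow` record layout, the `EXPECTED_PROTO` port map, the ratio and volume thresholds, and the idea that an upstream sensor has already labelled each flow's application protocol are all assumptions made for illustration.

```python
"""Added example (not part of the MISP/ATT&CK page): two of the detection
checks listed for T1048, run over constructed flow records.

Check 1: flows where the client sends far more bytes than it receives
         (uncommon outbound-heavy data flow).
Check 2: flows whose observed application protocol is not one normally
         expected on the destination port.

The record format, thresholds and expected-protocol map are assumptions
for illustration, not a real NetFlow schema.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str        # application protocol as labelled by a hypothetical DPI/IDS sensor
    bytes_out: int    # client -> server
    bytes_in: int     # server -> client


# Constructed sample flows (not captured data).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, "tls", bytes_out=12_000, bytes_in=850_000),    # ordinary browsing
    Flow("10.0.0.5", "203.0.113.20", 21, "ftp", bytes_out=95_000_000, bytes_in=4_000),   # bulk upload over FTP
    Flow("10.0.0.7", "203.0.113.30", 53, "dns", bytes_out=3_200_000, bytes_in=90_000),   # DNS with heavy outbound volume
    Flow("10.0.0.9", "203.0.113.40", 443, "ssh", bytes_out=40_000, bytes_in=38_000),     # SSH on the HTTPS port
    Flow("10.0.0.9", "203.0.113.50", 25, "smtp", bytes_out=6_000, bytes_in=2_000),       # ordinary mail
]

# Protocols normally expected on a destination port (assumption for the example).
EXPECTED_PROTO = {21: {"ftp"}, 25: {"smtp"}, 53: {"dns"}, 80: {"http"}, 443: {"tls", "http"}}

OUTBOUND_RATIO = 20.0           # out/in ratio above which a flow counts as upload-heavy
MIN_OUTBOUND_BYTES = 1_000_000  # ignore small flows where the ratio is meaningless


def upload_heavy(flow, ratio=OUTBOUND_RATIO, min_bytes=MIN_OUTBOUND_BYTES):
    """True when the client sent far more than it received and the volume is material."""
    if flow.bytes_out < min_bytes:
        return False
    return flow.bytes_out / max(flow.bytes_in, 1) >= ratio


def port_proto_mismatch(flow, expected=EXPECTED_PROTO):
    """True when the observed protocol is not one expected on the destination port."""
    allowed = expected.get(flow.dport)
    return allowed is not None and flow.proto not in allowed


def analyze(flows):
    """Return a list of (flow, reasons) for every flow that trips at least one check."""
    findings = []
    for f in flows:
        reasons = []
        if upload_heavy(f):
            reasons.append("outbound-heavy")
        if port_proto_mismatch(f):
            reasons.append(f"{f.proto} on port {f.dport}")
        if reasons:
            findings.append((f, reasons))
    return findings


if __name__ == "__main__":
    for flow, reasons in analyze(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dport} ({flow.proto}): {', '.join(reasons)}")
```

The volume floor matters in practice: a ratio alone flags every small request with an empty reply, so the outbound-heavy check only fires once the client has actually pushed a material amount of data. The port check deliberately ignores ports absent from the map rather than guessing, which keeps the mismatch signal precise for the services a team has baselined.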
| Details | CTI | Published | Attributes | Title |
|---|---|---|---|---|
| Details | Website | 2023-12-06 | 198 | Russia/Ukraine Update - December 2023 |
| Details | Website | 2023-11-28 | 81 | Aki-RATs - Command and Control Party |
| Details | Website | 2023-11-20 | 44 | Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group |
| Details | Website | 2023-11-06 | 47 | D0nut encrypt me, I have a wife and no backups |
| Details | Website | 2023-10-24 | 10 | Attacks on web applications spike in third quarter, new Talos IR data shows |
| Details | Website | 2023-10-23 | 273 | Red Team Tools |
| Details | Website | 2023-09-29 | 25 | The Thin Line: Educational Tools vs. Malicious Threats - A Focus on The-Murk-Stealer - CYFIRMA |
| Details | Website | 2023-09-22 | 56 | Examining the Activities of the Turla APT Group |
| Details | Website | 2023-09-22 | 57 | Examining the Activities of the Turla APT Group |
| Details | Website | 2023-09-06 | 64 | Summer '23 Cryptomining Attacks: Analysis + Recommendations \| Wiz Blog |
| Details | Website | 2023-09-05 | 41 | Dark Web Profile: Medusa Ransomware (MedusaLocker) |
| Details | Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023 |
| Details | Website | 2023-07-27 | 117 | Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector |
| Details | Website | 2023-07-21 | 22 | Ransomware Spotlight: Play - Security News |
| Details | Website | 2023-07-13 | 43 | Threat Actor Profile: BianLian, The Shape-Shifting Ransomware Group |
| Details | Website | 2023-07-06 | 239 | Increased Truebot Activity Infects U.S. and Canada Based Networks \| CISA |
| Details | Website | 2023-06-14 | 23 | Understanding Ransomware Threat Actors: LockBit – Cyber Safe NV |
| Details | Website | 2023-06-12 | 112 | A Truly Graceful Wipe Out - The DFIR Report |
| Details | Website | 2023-05-16 | 77 | #StopRansomware: BianLian Ransomware Group \| CISA |
| Details | Website | 2023-04-25 | 54 | Anomali Cyber Watch: Two Supply-Chain Attacks Chained Together, Decoy Dog Stealthy DNS Communication, EvilExtractor Exfiltrates to FTP Server |
| Details | Website | 2023-04-20 | 481 | ATT&CK Changes |
| Details | Website | 2023-04-10 | 86 | Threat Actor Spotlight: RagnarLocker Ransomware |
| Details | Website | 2023-03-27 | 56 | Scarcruft Bolsters Arsenal for targeting individual Android devices |
| Details | Website | 2023-03-23 | 78 | Earth Preta Updated Stealthy Strategies |