Common Information
| Type | Value |
|---|---|
| Value |
Exfiltration Over Alternative Protocol - T1048 |
| Category | Attack-Pattern |
| Type | Mitre-Enterprise-Attack-Attack-Pattern |
| Misp Type | Cluster |
| Description | Data exfiltration is performed with a different protocol from the main command and control protocol or channel. The data is likely to be sent to an alternate network location from the main command and control server. Alternate protocols include FTP, SMTP, HTTP/S, DNS, or some other network protocol. Different channels could include Internet Web services such as cloud storage. Detection: Analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server). Processes utilizing the network that do not normally have network communication or have never been seen before are suspicious. Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used. (Citation: University of Birmingham C2) Platforms: Linux, macOS, Windows Data Sources: User interface, Process monitoring, Process use of network, Packet capture, Netflow/Enclave netflow, Network protocol analysis Requires Network: Yes |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2021-04-21 | 36 | Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03) | ||
| Details | Website | 2021-04-20 | 102 | Authentication Bypass Techniques and Pulse Secure Zero-Day | ||
| Details | Website | 2020-09-29 | 23 | Cross Platform Modular Glupteba Malware Uses ManageX | ||
| Details | Website | 2020-09-23 | 26 | Your best defense against ransomware: Find the early warning signs - Help Net Security | ||
| Details | Website | 2020-09-02 | 63 | KryptoCibule: The multitasking multicurrency cryptostealer | WeLiveSecurity | ||
| Details | Website | 2020-07-16 | 76 | Mac cryptocurrency trading application rebranded, bundled with malware | WeLiveSecurity | ||
| Details | Website | 2020-06-17 | 37 | Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity | ||
| Details | Website | 2020-04-20 | 39 | WINNTI GROUP: Insights From the Past |