Hunting with Elastic Security: Detecting covert data exfiltration
Common Information
Type Value
UUID e9f4fc52-6a75-4b36-8137-39183ac5e812
Fingerprint 343309b06db5dcc3
Analysis status DONE
Considered CTI value 2
Text language
Published March 12, 2025, midnight
Added to db March 12, 2025, 9:54 p.m.
Last updated March 20, 2025, 1:44 p.m.
Headline Hunting with Elastic Security: Detecting covert data exfiltration
Title Hunting with Elastic Security: Detecting covert data exfiltration
Detected Hints/Tags/Attributes 66/1/9
RSS Feed
Id Enabled Feed title Url Added to db
305 Elastic Blog - Elasticsearch, Kibana, and ELK Stack https://www.elastic.co/blog/feed 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 460 attack.mitre.org
Domain 10 rule.name
Domain 10 dns.question.name
Domain 68 process.name
Domain 103 user.name
MITRE ATT&CK Techniques 118 T1048
MITRE ATT&CK Techniques 4 T1048.001
MITRE ATT&CK Techniques 22 T1048.002
MITRE ATT&CK Techniques 37 T1048.003