TA0036 Exfiltration
The adversary is trying to steal data.
Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from the targeted mobile device.
In the mobile environment, mobile devices are frequently connected to networks outside enterprise control such as cellular networks or public Wi-Fi networks. Adversaries could attempt to evade detection by communicating on these networks, and potentially even by using non-Internet Protocol mechanisms such as Short Message Service (SMS). However, cellular networks often have data caps and/or extra data charges that could increase the potential for adversarial communication to be detected.
Item | Value |
---|---|
ID | TA0036 |
Created | 17 October 2018 |
Last Modified | 27 January 2020 |
Techniques (2)
ID | Name | Description |
---|---|---|
T1639 | Exfiltration Over Alternative Protocol | Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server. |
T1639.001 | Exfiltration Over Unencrypted Non-C2 Protocol | Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server. |
T1646 | Exfiltration Over C2 Channel | Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications. |