Skip to content

T1567.003 Exfiltration to Text Storage Sites

Adversaries may exfiltrate data to text storage sites instead of their primary command and control channel. Text storage sites, such as pastebin[.]com, are commonly used by developers to share code and other information.

Text storage sites are often used to host malicious code for C2 communication (e.g., Stage Capabilities), but adversaries may also use these sites to exfiltrate collected data. Furthermore, paid features and encryption options may allow adversaries to conceal and store data more securely.1

Note: This is distinct from Exfiltration to Code Repository, which highlight access to code repositories via APIs.

Item Value
ID T1567.003
Sub-techniques T1567.001, T1567.002, T1567.003
Tactics TA0010
Platforms Linux, Windows, macOS
Version 1.0
Created 27 February 2023
Last Modified 04 May 2023


ID Mitigation Description
M1021 Restrict Web-Based Content Web proxies can be used to enforce an external network communication policy that prevents use of unauthorized external services.


ID Data Source Data Component
DS0029 Network Traffic Network Traffic Content