Page Comparison

TA0010

Exfiltration

Purpose

The adversary is trying to steal data.

Exfiltration consists of techniques that adversaries may use to steal data from your network. Once they’ve collected data, adversaries often package it to avoid detection while removing it. This can include compression and encryption. Techniques for getting data out of a target network typically include transferring it over their command and control channel or an alternate channel and may also include putting size limits on the transmission.

Included content

1. T1011: Exfiltration Over Other Network Medium

2. T1020: Automated Exfiltration

3. T1030: Data Transfer Size Limits

4. T1048: Exfiltration Over Alternative Protocol

5. T1052: Exfiltration over Physical Medium

6. T1537: Transfer Data to Cloud Account

7. T1567: Exfiltration over Web Service

Prerequisites

• SecOpsLocation

• SecOpsAlertDescription

• SecOpsAssetRole

TA0011

Command and Control

Image Added

Purpose

The adversary is trying to communicate with compromised systems to control them.

Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.

Included content

1. T1071: Application Layer Protocol

2. T1090: Proxy

3. T1092: Communication Through Removable Media

4. T1095: Non-Application Layer Protocol

5. T1105: Ingress Tool Transfer

6. T1205: Traffic Signaling

7. T1219: Remote Access Software

8. T1568: Dynamic Resolution

Prerequisites

• SecOpsLocation

• SecOpsAlertDescription

• SecOpsAssetRole

• SecOpsEmbargoCountries