Mitre content packs TA0010-0019

The adversary is trying to steal data.

Exfiltration consists of techniques that adversaries may use to steal data from your network. Once they’ve collected data, adversaries often package it to avoid detection while removing it. This can include compression and encryption. Techniques for getting data out of a target network typically include transferring it over their command and control channel or an alternate channel and may also include putting size limits on the transmission.

mitre alert packs

1. T1011: Exfiltration Over Other Network Medium

2. T1020: Automated Exfiltration

3. T1030: Data Transfer Size Limits

4. T1048: Exfiltration Over Alternative Protocol

5. T1052: Exfiltration over Physical Medium

6. T1537: Transfer Data to Cloud Account

7. T1567: Exfiltration over Web Service

LOOKUPS

• SecOpsLocation

• SecOpsAlertDescription

• SecOpsAssetRole

The adversary is trying to communicate with compromised systems to control them.

Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.

mitre alert packs

1. T1071: Application Layer Protocol

2. T1090: Proxy

3. T1092: Communication Through Removable Media

4. T1095: Non-Application Layer Protocol

5. T1105: Ingress Tool Transfer

6. T1205: Traffic Signaling

7. T1219: Remote Access Software

8. T1568: Dynamic Resolution

9. T1571: Non-Standard Port

10. T1572: Protocol Tunneling

LOOKUPS

• SecOpsLocation

• SecOpsAlertDescription

• SecOpsAssetRole

• SecOpsEmbargoCountries