Exfiltration Over C2 Channel (T1041)

Tactic: Exfiltration

Tactics: Exfiltration
Platforms: ESXi, Linux, macOS, Windows
Reference: attack.mitre.org/techniques/T1041

Description

Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.

How GTK Cyber trains on this

GTK Cyber's Threat Hunting with Data Science course teaches you to build machine-learning detections for techniques like this across the MITRE ATT&CK framework, including the Exfiltration tactic this technique falls under. Practitioner-led, focused on real detections, not memorizing technique IDs.

Threat Hunting with Data Science →·All training courses

Related techniques

T1011 — Exfiltration Over Other Network Medium
T1020 — Automated Exfiltration
T1029 — Scheduled Transfer
T1030 — Data Transfer Size Limits
T1048 — Exfiltration Over Alternative Protocol
T1052 — Exfiltration Over Physical Medium
T1537 — Transfer Data to Cloud Account
T1567 — Exfiltration Over Web Service

Train your team to detect attacks like this.

GTK Cyber's Threat Hunting with Data Science course is taught by practitioners who detect this stuff for a living.

Explore Threat Hunting Training