Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol (Windows)

Description

Adversaries may steal data by exfiltrating it over an unencrypted network protocol other than that of the existing command and control channel.

Products, Sensors, and Dependencies

Product: Tenable Vulnerability Management

Dependencies: Advanced Network Scan

Data source: Windows machines

Access required: Authenticated Scan

Protocol: OS Command

Data Collected: Computer Connectivity

Notes: Plugin ID: 64582

References

Netstat Connection Information

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Exfiltration

Platform: Windows

Tenable Release Date: 2022 Q3 (GA)