Question 1

What is T1052.001 — Exfiltration over USB?

Accepted Answer

Adversaries may attempt to exfiltrate data over a USB connected physical device. In certain circumstances, such as an air-gapped network compromise, exfiltration could occur via a USB device introduced by a user.

Question 2

What is the authoritative source for T1052.001?

Accepted Answer

Exfiltration over USB (T1052.001) is catalogued in MITRE ATT&CK Enterprise and curated for EU compliance use cases by SQUR.

Question 3

Which ATT&CK tactics does T1052.001 belong to?

Accepted Answer

T1052.001 (Exfiltration over USB) maps to the following MITRE ATT&CK tactic(s): exfiltration.

T1052.001Exfiltration over USB

What it is

ATT&CK tactics· 1

References