
T1567.001 Exfiltration to Code Repository

Sub-technique of T1567

Platforms: Linux · macOS · Windows

ATT&CK version: 14.1

What it is

Adversaries may exfiltrate data to a code repository rather than over their primary command and control channel. Code repositories are often accessible via an API (e.g., https://api.github.com). Access to these APIs is often over HTTPS, which gives the adversary an additional level of protection. Exfiltration to a code repository can also provide a significant amount of cover to the adversary if it is a popular service already used by hosts within the network.

ATT&CK tactics · 1

Exfiltration

References

  1. https://attack.mitre.org/techniques/T1567/001

Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.