Question 1

What is T1041 — Exfiltration Over C2 Channel?

Accepted Answer

Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.

Question 2

What is the authoritative source for T1041?

Accepted Answer

Exfiltration Over C2 Channel (T1041) is catalogued in MITRE ATT&CK Enterprise and curated for EU compliance use cases by SQUR.

Question 3

Which ATT&CK tactics does T1041 belong to?

Accepted Answer

T1041 (Exfiltration Over C2 Channel) maps to the following MITRE ATT&CK tactic(s): exfiltration.

T1041Exfiltration Over C2 Channel

What it is

ATT&CK tactics· 1

References