Detections
Analytics
Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol (Windows)
Description
Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | OS Command | Computer Connectivity | Plugin ID: 64582 |
References
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Exfiltration
Technique: Exfiltration Over Alternative Protocol
Sub-Technique: Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Platform: Windows
Products Required: Tenable Vulnerability Management
Tenable Release Date: 2022 Q3 (GA)