Exfiltration Over Alternative Protocol
Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server. Alternate protocols include FTP, SMTP, HTTP/S, DNS, SMB, or any other network protocol not being used as the main command and control channel. Adversaries may also opt to encrypt and/or obfuscate these alternate channels. [Exfiltration Over Alternative Protocol](http...
BY SOURCE
PROCEDURES (29)
Auto-extracted: 2 detections for download
Auto-extracted: 2 detections for process creation monitoring
Auto-extracted: 2 detections for persist
Auto-extracted: 1 detections for exfiltrat
Auto-extracted: 1 detections for ransomware
Auto-extracted: 1 detections for inject
Auto-extracted: 1 detections for dump
Auto-extracted: 1 detections for remote
Auto-extracted: 1 detections for ransomware
Auto-extracted: 1 detections for dns
Auto-extracted: 1 detections for unusual
Auto-extracted: 1 detections for command and control
Auto-extracted: 1 detections for cloud
Auto-extracted: 1 detections for dump
Auto-extracted: 1 detections for dns
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for exfiltrat
Auto-extracted: 1 detections for command and control
Auto-extracted: 1 detections for c2
Auto-extracted: 1 detections for tunnel
Auto-extracted: 1 detections for tunnel
Auto-extracted: 1 detections for inject
Auto-extracted: 1 detections for suspicious
Auto-extracted: 1 detections for service
Auto-extracted: 1 detections for dump
Auto-extracted: 1 detections for suspicious
Auto-extracted: 1 detections for tunnel
Auto-extracted: 1 detections for service
Auto-extracted: 1 detections for c2