EXPLORE
Sign In
← Back to Explore
T1052.001

Exfiltration over USB

Adversaries may attempt to exfiltrate data over a USB connected physical device. In certain circumstances, such as an air-gapped network compromise, exfiltration could occur via a USB device introduced by a user. The USB device could be used as the final exfiltration point or to hop between otherwise disconnected systems.

LinuxWindowsmacOS
4
Detections
1
Sources
2
Threat Actors

BY SOURCE

4elastic

PROCEDURES (3)

Exfiltrat2 detections

Auto-extracted: 2 detections for exfiltrat

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

THREAT ACTORS (2)

Mustang PandaTropic Trooper

DETECTIONS (4)

First Time Seen Removable Device
elasticlow
New USB Storage Device Mounted
elasticlow
Spike in Bytes Sent to an External Device
elasticlow
Unusual Process Writing Data to an External Device
elasticlow