EXPLORE
Sign In
← Back to Explore
T1074.002

Remote Data Staging

Adversaries may stage data collected from multiple systems in a central location or directory on one system prior to Exfiltration. Data may be kept in separate files or combined into one file through techniques such as [Archive Collected Data](https://attack.mitre.org/techniques/T1560). Interactive command shells may be used, and common functionality within [cmd](https://attack.mitre.org/software/S0106) and bash may be used to copy data into a staging location. In cloud environments, adversarie...

WindowsIaaSLinuxmacOSESXi
3
Detections
1
Sources
10
Threat Actors

BY SOURCE

3elastic

PROCEDURES (3)

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Network Connection Monitoring1 detections

Auto-extracted: 1 detections for network connection monitoring

THREAT ACTORS (10)

APT28ChimeraFIN6FIN8LeviathanmenuPassMoustachedBouncerSea TurtleThreat Group-3390ToddyCat

DETECTIONS (3)

AWS RDS DB Instance Restored
elasticmedium
Google Drive Ownership Transferred via Google Workspace
elasticmedium
Remote File Copy to a Hidden Share
elasticmedium