Exfiltration Over Web Service
Adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command and control channel. Popular Web services acting as an exfiltration mechanism may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to compromise. Firewall rules may also already exist to permit traffic to these services. Web service providers also commonly use SSL/TLS encryption, giving adversaries an ...
BY SOURCE
PROCEDURES (32)
Auto-extracted: 4 detections for tunnel
Auto-extracted: 4 detections for general monitoring
Auto-extracted: 3 detections for exfiltrat
Auto-extracted: 2 detections for unusual
Auto-extracted: 2 detections for exfiltrat
Auto-extracted: 2 detections for azure
Auto-extracted: 2 detections for command and control
Auto-extracted: 1 detections for azure
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for exfiltrat
Auto-extracted: 1 detections for lateral
Auto-extracted: 1 detections for phish
Auto-extracted: 1 detections for suspicious
Auto-extracted: 1 detections for cloud
Auto-extracted: 1 detections for service
Auto-extracted: 1 detections for privilege
Auto-extracted: 1 detections for azure
Auto-extracted: 1 detections for remote
Auto-extracted: 1 detections for http
Auto-extracted: 1 detections for http
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for download
Auto-extracted: 1 detections for suspicious
Auto-extracted: 1 detections for c2
Auto-extracted: 1 detections for api
Auto-extracted: 1 detections for unusual
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for exfiltrat
Auto-extracted: 1 detections for aws
Auto-extracted: 1 detections for email
Auto-extracted: 1 detections for lateral
Auto-extracted: 1 detections for download