T1041
Exfiltration Over C2 Channel
Exfiltration
Description
Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.
Platforms
ESXi, Linux, macOS, Windows
Mitigations
- M1031 — Network Intrusion Prevention
- M1057 — Data Loss Prevention
Our coverage
- MuddyWater Uses Chaos Ransomware as False Flag in Microsoft Teams Espionage Campaign
- Bleeding Llama: CVE-2026-5757 Exposes 300,000 Ollama AI Servers, No Patch Available
- npm Supply Chain Attack Audit: Detect Mini Shai-Hulud in SAP, PyTorch Lightning, and Intercom Dependencies
- DEEP#DOOR Python Backdoor Detection: YARA Rules, Network IOCs, and Credential Theft Defences
- DPRK npm Malware Detection: Auditing npm for AI-Generated Backdoors
Source: MITRE ATT&CK Enterprise matrix.