Mapping To Exfiltration

When an adversary engages in a specific behavior, they risk exposing an unintended weakness. By examining each ATT&CK activity, we can identify the weaknesses it reveals and the engagement activity or activities that exploit them. The following table outlines the Adversary Vulnerabilities and Engagement Activities available to the defender when the adversary engages in Exfiltration behaviors.

Details
ATT&CK ID: TA0010

| ATT&CK® Technique | Adversary Vulnerability | Engagement Activity | Engagement Activity Description |
| --- | --- | --- | --- |
| Exfiltration Over Other Network Medium | When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior. | Network Analysis | Analyze network traffic to gain intelligence on communications between systems. |
| Exfiltration Over Other Network Medium | When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities. | Information Manipulation | Conceal and reveal both facts and fictions to support a deception story. |
| Exfiltration Over Other Network Medium | When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Exfiltration Over Other Network Medium | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Exfiltration Over Other Network Medium | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Exfiltration Over Other Network Medium | When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Exfiltration Over Other Network Medium | When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content. | Security Controls | Alter security controls to make the system more or less vulnerable to attack. |
| Exfiltration Over Other Network Medium | When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Exfiltration Over Other Network Medium | When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Automated Exfiltration | When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior. | Network Analysis | Analyze network traffic to gain intelligence on communications between systems. |
| Automated Exfiltration | When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities. | Information Manipulation | Conceal and reveal both facts and fictions to support a deception story. |
| Automated Exfiltration | When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Automated Exfiltration | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Automated Exfiltration | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Automated Exfiltration | When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Automated Exfiltration | When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content. | Security Controls | Alter security controls to make the system more or less vulnerable to attack. |
| Automated Exfiltration | When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment. | Pocket Litter | Place data on a system to reinforce the legitimacy of the system or user. |
| Automated Exfiltration | When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Automated Exfiltration | When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Scheduled Transfer | When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior. | Network Analysis | Analyze network traffic to gain intelligence on communications between systems. |
| Scheduled Transfer | When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities. | Information Manipulation | Conceal and reveal both facts and fictions to support a deception story. |
| Scheduled Transfer | When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Scheduled Transfer | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Scheduled Transfer | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Scheduled Transfer | When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Scheduled Transfer | When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content. | Security Controls | Alter security controls to make the system more or less vulnerable to attack. |
| Scheduled Transfer | When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Scheduled Transfer | When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Data Transfer Size Limits | When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities. | Information Manipulation | Conceal and reveal both facts and fictions to support a deception story. |
| Data Transfer Size Limits | When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Data Transfer Size Limits | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Data Transfer Size Limits | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Data Transfer Size Limits | When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Data Transfer Size Limits | When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content. | Security Controls | Alter security controls to make the system more or less vulnerable to attack. |
| Data Transfer Size Limits | When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Data Transfer Size Limits | When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Exfiltration Over C2 Channel | When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior. | Network Analysis | Analyze network traffic to gain intelligence on communications between systems. |
| Exfiltration Over C2 Channel | When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities. | Information Manipulation | Conceal and reveal both facts and fictions to support a deception story. |
| Exfiltration Over C2 Channel | When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Exfiltration Over C2 Channel | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Exfiltration Over C2 Channel | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Exfiltration Over C2 Channel | When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Exfiltration Over C2 Channel | When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content. | Security Controls | Alter security controls to make the system more or less vulnerable to attack. |
| Exfiltration Over C2 Channel | When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Exfiltration Over C2 Channel | When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Exfiltration Over Alternative Protocol | When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior. | Network Analysis | Analyze network traffic to gain intelligence on communications between systems. |
| Exfiltration Over Alternative Protocol | When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities. | Information Manipulation | Conceal and reveal both facts and fictions to support a deception story. |
| Exfiltration Over Alternative Protocol | When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Exfiltration Over Alternative Protocol | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Exfiltration Over Alternative Protocol | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Exfiltration Over Alternative Protocol | When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Exfiltration Over Alternative Protocol | When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content. | Security Controls | Alter security controls to make the system more or less vulnerable to attack. |
| Exfiltration Over Alternative Protocol | When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Exfiltration Over Alternative Protocol | When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Exfiltration Over Physical Medium | When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior. | Network Analysis | Analyze network traffic to gain intelligence on communications between systems. |
| Exfiltration Over Physical Medium | When adversaries use hardware peripherals, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network. | Peripheral Management | Manage peripheral devices used on systems within the network for engagement purposes. |
| Exfiltration Over Physical Medium | When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource. | Peripheral Management | Manage peripheral devices used on systems within the network for engagement purposes. |
| Exfiltration Over Physical Medium | When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities. | Information Manipulation | Conceal and reveal both facts and fictions to support a deception story. |
| Exfiltration Over Physical Medium | When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Exfiltration Over Physical Medium | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Exfiltration Over Physical Medium | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Exfiltration Over Physical Medium | When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Exfiltration Over Physical Medium | When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content. | Security Controls | Alter security controls to make the system more or less vulnerable to attack. |
| Exfiltration Over Physical Medium | When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Exfiltration Over Physical Medium | When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Transfer Data to Cloud Account | When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior. | Network Analysis | Analyze network traffic to gain intelligence on communications between systems. |
| Transfer Data to Cloud Account | When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities. | Information Manipulation | Conceal and reveal both facts and fictions to support a deception story. |
| Transfer Data to Cloud Account | When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Transfer Data to Cloud Account | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Transfer Data to Cloud Account | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Transfer Data to Cloud Account | When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Transfer Data to Cloud Account | When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content. | Security Controls | Alter security controls to make the system more or less vulnerable to attack. |
| Transfer Data to Cloud Account | When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Transfer Data to Cloud Account | When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Exfiltration Over Web Service | When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior. | Network Analysis | Analyze network traffic to gain intelligence on communications between systems. |
| Exfiltration Over Web Service | When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities. | Information Manipulation | Conceal and reveal both facts and fictions to support a deception story. |
| Exfiltration Over Web Service | When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Exfiltration Over Web Service | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Exfiltration Over Web Service | When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. | Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
| Exfiltration Over Web Service | When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity. | Network Monitoring | Monitor network traffic in order to detect adversary activity. |
| Exfiltration Over Web Service | When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content. | Security Controls | Alter security controls to make the system more or less vulnerable to attack. |
| Exfiltration Over Web Service | When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
| Exfiltration Over Web Service | When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task. | Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. |
Stay tuned for more mappings with this tactic.