Exfiltration over USB
Exfiltration over USB (T1052.001) is a MITRE ATT&CK technique associated with Exfiltration. Adversaries may attempt to exfiltrate data over a USB connected physical device.
MITRE ATT&CK
A reviewed, source-linked view of MITRE ATT&CK techniques across enterprise tactics, platforms, detections, investigations, and mitigations.
Scheduled Task/Job (T1053) is a MITRE ATT&CK technique associated with Execution, Persistence, Privilege Escalation. Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code.
At (T1053.002) is a MITRE ATT&CK technique associated with Execution, Persistence, Privilege Escalation. Adversaries may abuse the at utility to perform task scheduling for initial or recurring execution of malicious code.
Cron (T1053.003) is a MITRE ATT&CK technique associated with Execution, Persistence, Privilege Escalation. Adversaries may abuse the cron utility to perform task scheduling for initial or recurring execution of malicious code. The cron utility is a tim…
Scheduled Task (T1053.005) is a MITRE ATT&CK technique associated with Execution, Persistence, Privilege Escalation. Adversaries may abuse the Windows Task Scheduler to perform task scheduling for initial or recurring execution of malicious code.
Systemd Timers (T1053.006) is a MITRE ATT&CK technique associated with Execution, Persistence, Privilege Escalation. Adversaries may abuse systemd timers to perform task scheduling for initial or recurring execution of malicious code.
Container Orchestration Job (T1053.007) is a MITRE ATT&CK technique associated with Execution, Persistence, Privilege Escalation. Adversaries may abuse task scheduling functionality provided by container orchestration tools such as Kubernetes to schedule deployment of contain…
Process Injection (T1055) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation. Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges.
Dynamic-link Library Injection (T1055.001) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation. Adversaries may inject dynamic-link libraries (DLLs) into processes in order to evade process-based defenses as well as possibly elevate privileges.
Portable Executable Injection (T1055.002) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation. Adversaries may inject portable executables (PE) into processes in order to evade process-based defenses as well as possibly elevate privileges.
Thread Execution Hijacking (T1055.003) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation. Adversaries may inject malicious code into hijacked processes in order to evade process-based defenses as well as possibly elevate privileges.
Asynchronous Procedure Call (T1055.004) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation. Adversaries may inject malicious code into processes via the asynchronous procedure call (APC) queue in order to evade process-based defenses as well as possibly…
Thread Local Storage (T1055.005) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation. Adversaries may inject malicious code into processes via thread local storage (TLS) callbacks in order to evade process-based defenses as well as possibly elevate privi…
Ptrace System Calls (T1055.008) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation. Adversaries may inject malicious code into processes via ptrace (process trace) system calls in order to evade process-based defenses as well as possibly elevate privile…
Proc Memory (T1055.009) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation. Adversaries may inject malicious code into processes via the /proc filesystem in order to evade process-based defenses as well as possibly elevate privileges.
Extra Window Memory Injection (T1055.011) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation. Adversaries may inject malicious code into a process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges.
Process Hollowing (T1055.012) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation. Adversaries may inject malicious code into suspended and hollowed processes in order to evade process-based defenses.
Process Doppelgänging (T1055.013) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation. Adversaries may inject malicious code into a process via process doppelgänging in order to evade process-based defenses as well as possibly elevate privileges.
VDSO Hijacking (T1055.014) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation. Adversaries may inject malicious code into processes via VDSO hijacking in order to evade process-based defenses as well as possibly elevate privileges.
ListPlanting (T1055.015) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation. Adversaries may abuse list-view controls to inject malicious code into hijacked processes in order to evade process-based defenses as well as possibly elevate privileges.
Input Capture (T1056) is a MITRE ATT&CK technique associated with Collection, Credential Access. Adversaries may use methods of capturing user input to obtain credentials or collect information.
Keylogging (T1056.001) is a MITRE ATT&CK technique associated with Collection, Credential Access. Adversaries may log user keystrokes to intercept credentials as the user types them.
GUI Input Capture (T1056.002) is a MITRE ATT&CK technique associated with Collection, Credential Access. Adversaries may mimic common operating system GUI components to prompt users for credentials with a seemingly legitimate prompt.
Web Portal Capture (T1056.003) is a MITRE ATT&CK technique associated with Collection, Credential Access. Adversaries may install code on externally facing portals, such as a VPN login page, to capture and transmit credentials of users who attempt to log into the service.
Credential API Hooking (T1056.004) is a MITRE ATT&CK technique associated with Collection, Credential Access. Adversaries may hook into Windows application programming interface (API) functions and Linux system functions to collect user credentials.
Process Discovery (T1057) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get information about running processes on a system.
Command and Scripting Interpreter (T1059) is a MITRE ATT&CK technique associated with Execution. Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
PowerShell is a Windows automation and configuration environment built on .NET. Adversaries abuse it for execution, discovery, download, credential access, and administration because it is widely installed and can interact with operating system and cloud APIs. PowerShell use i…
AppleScript (T1059.002) is a MITRE ATT&CK technique associated with Execution. Adversaries may abuse AppleScript for execution.
Windows Command Shell (T1059.003) is a MITRE ATT&CK technique associated with Execution. Adversaries may abuse the Windows command shell for execution.