Clankerusecase
MITRE ATT&CK detection coverage

T1041 Exfiltration Over C2 Channel

T1041, Exfiltration Over C2 Channel, is a MITRE ATT&CK technique in the Exfiltration tactic: the adversary sends stolen data out over the command-and-control channel it already has, encoded the same way as the C2 traffic, so there is no separate exfiltration protocol to look for and detection has to key on the channel itself (the process that opens it, what it read just before, and where it goes). Clankerusecase tracks 70 detection use cases covering it and 49 threat-intel articles citing it.

Tactic: Exfiltration
70 use cases · 49 articles · 0 sub-techniques · 1 tactic

Use cases covering this technique (70)

Each entry: title · source (Internal, ESCU or Bespoke) · category · mode (alerting or hunting) · coverage badges as the page shows them · [WEEKLY] where the page carries that tag.

Application data exfiltration successful · Internal · actions · alerting · DD · [WEEKLY]
Cross-category credential-store enumeration with rapid egress to anonymizing tunnel/CDN · Internal · actions · alerting · DSPDD · [WEEKLY]
Non-Browser Process Reads Browser Credential / Cookie SQLite Then Egresses to Public Destination Within 10 Minutes · Internal · actions · alerting · DSPDD · [WEEKLY]
Package install lifecycle hook spawns interpreter that reads developer credential stores · Internal · install · alerting · DSPDDCS · [WEEKLY]
Package-install lifecycle script harvests local credentials and beacons to a non-baselined domain · Internal · install · alerting · DSPDD · [WEEKLY]
Package-manager child process credential fan-out with public egress (Mini Shai-Hulud / TeamPCP worm chain) · Internal · install · alerting · DSPDD · [WEEKLY]
Package Manager / Dev-Tool Auto-Execution Triggers Non-Registry Egress or Credential-Store Access · Internal · install · alerting · DSPDD · [WEEKLY]
Package-manager install hook spawns interpreter that beacons to non-registry host within 120s · Internal · install · alerting · DSPDD · [WEEKLY]
Package Manager Install Hook Spawns Scripting Interpreter Then Touches Credential Files or Egresses Off-Registry · Internal · install · alerting · DSPDD · [WEEKLY]
Package-Manager Install -> Interpreter Child -> Non-Registry Egress Within 5 Minutes · Internal · install · alerting · DSPDD · [WEEKLY]
Package-manager install-time interpreter spawn with credential-file read and outbound egress within 120s · Internal · install · alerting · DSPDD · [WEEKLY]
Supply-chain repo credential theft → outbound exfil to attacker infra · Internal · actions · alerting · DSPDD
Cisco ASA - Device File Copy to Remote Location · ESCU · actions · hunting · P
Potential Telegram API Request Via CommandLine · ESCU · actions · hunting · P
Windows Exfiltration Over C2 Via Invoke RestMethod · ESCU · actions · alerting · P
Windows Exfiltration Over C2 Via Powershell UploadString · ESCU · actions · alerting · P
Cisco Secure Firewall - High EVE Threat Confidence · ESCU · actions · hunting · P
Cisco Secure Firewall - Intrusion Events by Threat Activity · ESCU · actions · hunting · P
Cisco Secure Firewall - Lumma Stealer Download Attempt · ESCU · actions · hunting · P
Cisco Secure Firewall - Lumma Stealer Outbound Connection Attempt · ESCU · actions · hunting · P
Cisco Secure Firewall - Potential Data Exfiltration · ESCU · actions · hunting · P
Detect SNICat SNI Exfiltration · ESCU · actions · alerting · P
[LLM] Shai-Hulud worm exfil — outbound to webhook.site/bb8ca5f6 from developer or CI process · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] Agentjacking C2/exfiltration to advisory-tracker.com (Tenet Sentry-MCP attack) · Bespoke · actions · alerting · DSΣPDDCS
[LLM] Outbound public network from LangGraph runtime to non-allowlisted destination · Bespoke · c2 · hunting · DSΣPDDCS
[LLM] OpenClaw agent runtime reads secrets store (.env / .aws / id_rsa) followed by external network egress · Bespoke · actions · alerting · DSPDDCS
[LLM] AI-agent-driven mailbox auto-forwards messages to first-time-seen external recipient · Bespoke · actions · alerting · DSPDD
[LLM] npm/node install-time process beaconing to webhook.site, sfrclak.com or 142.11.206.73 · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] Meta Graph API request with access_token in URL query string (CVE-2026-48039 leak signature) · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] build.rs invoking curl POST to Sentry envelope endpoint with code diff payload · Bespoke · actions · alerting · DSΣPDDCS
[LLM] Outbound DNS / HTTP to Miasma C2 (git-service.com / m-kosche.com) · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] Node child of node-gyp/python making outbound to GitHub dead-drop or anomalous web service during install · Bespoke · exfil · hunting · DSPDDCS
[LLM] GitHub Actions runner: node from Claude Code Action egresses to non-Anthropic/non-GitHub endpoint · Bespoke · c2 · hunting · DSPDDCS
[LLM] Mini Shai-Hulud npm worm exfiltration to t.m-kosche.com OpenTelemetry endpoint · Bespoke · actions · alerting · DSΣPDDCS
[LLM] C2 beacon to audit.checkmarx[.]cx /v1/telemetry (TeamPCP Shai-Hulud Third Coming) · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] Egress to typosquatted C2 flipboxstudio.info (Laravel-Lang Composer SC) · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] Shai-Hulud exfiltration: node.exe POSTs to api.github.com creating public repo · Bespoke · actions · hunting · DSPDDCS
[LLM] HTTPS POST to /startlog with codexui User-Agent (Codex exfil over the wire) · Bespoke · actions · alerting · DSΣPDDCS
[LLM] Outbound recon callback from Yamcs host (curl/shell child of JVM to public IP) · Bespoke · c2 · alerting · DSPCS
[LLM] Laravel-Lang supply chain C2/exfil to flipboxstudio.info · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] C2 egress to flipboxstudio.info from Laravel-Lang composer dropper · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] Megalodon CI/CD exfil: outbound HTTPS to C2 216.126.225.129:8443 · Bespoke · c2 · hunting · DSΣPDDCS
[LLM] Megalodon harvester: curl POST to C2 /collect endpoint on Linux runner · Bespoke · actions · alerting · DSΣPDDCS
[LLM] Mini Shai-Hulud C2 callback to zero.masscan.cloud / 94.154.172.43 · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] Mini Shai-Hulud / TeamPCP C2 beacon to api.masscan.cloud / git-tanstack.com / *.getsession.org · Bespoke · c2 · alerting · DSPDDCS
[LLM] Mini Shai-Hulud C2 exfil to t.m-kosche.com disguised as OpenTelemetry collector · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] node-ipc C2 callback to sh.azurestaticprovider.net (May 2026 npm supply-chain) · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] Arcane backend host outbound Git/HTTPS to non-allowlisted host on port 22/443 (CVE-2026-45625 credential sink) · Bespoke · c2 · hunting · DSPDDCS
[LLM] Outbound connection to Gremlin Stealer exfiltration host 194.87.92.109 · Bespoke · actions · hunting · DSΣPDDCS
[LLM] Outbound egress to node-ipc stealer infrastructure (azurestaticprovider[.]net / 37.16.75.69) · Bespoke · actions · alerting · DSΣPDDCS
[LLM] DNS lookup for azurestaticprovider[.]net node-ipc exfil domain · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] Rust cargo-test binary in target/debug/deps spawning shell or network tool (CVE-2026-45311 exploitation) · Bespoke · exploit · alerting · DSΣPDD
[LLM] Session/Oxen P2P exfil DNS or TCP to getsession.org from build/CI host · Bespoke · c2 · alerting · DSΣPDD
[LLM] Outbound to elementary-data exfil C2 igotnofriendsonlineorirl-imgonnakmslmao.sky · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] Stage-3 exfil archive trin.tar.gz POST via curl --data-binary · Bespoke · actions · alerting · DSΣPDDCS
[LLM] TeamPCP @bitwarden/cli stealer exfil to audit.checkmarx.cx (94.154.172.43) · Bespoke · c2 · hunting · DSΣPDDCS
[LLM] Mini Shai-Hulud: Bun runtime executing `router_runtime.js` (2nd-stage stealer) · Bespoke · actions · alerting · DSΣPDD
[LLM] Exfil to skyhanni.cloud C2 with X-Rise-To-The-Trinny header · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] Trust Wallet Shai-Hulud C2 callback to metrics-trustwallet.com / 138.124.70.40 · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] TeamPCP exfiltration archive tpcp.tar.gz created on disk · Bespoke · actions · alerting · DSΣPDDCS
[LLM] TeamPCP C2 / exfil egress to models.litellm.cloud, checkmarx.zone and AS205759 nodes · Bespoke · c2 · hunting · DSΣPDDCS
[LLM] Outbound DNS/HTTPS to TeamPCP exfil domain models.litellm.cloud (litellm PyPI compromise) · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] TeamPCP tpcp.tar.gz exfil POST signature on egress proxy / WAF · Bespoke · actions · alerting · DSΣPDDCS
[LLM] DNS / HTTPS egress to TeamPCP exfil infra (models.litellm.cloud, checkmarx.zone) · Bespoke · c2 · hunting · DSΣPDDCS
[LLM] GlassWorm hardcoded C2 IP egress (45.32.150.251 / 217.69.3.152) for Stage-2 fetch and exfil · Bespoke · c2 · hunting · DSΣPDDCS
[LLM] Outbound traffic to *.oastify.com (BurpSuite Collaborator) from corporate endpoint · Bespoke · exfiltration · alerting · DSΣPDDCS
[LLM] GhostChat C2 beacon URL pattern: hitpak.org/page.php?tynor=<host>sss<user> · Bespoke · exfil · alerting · DSΣPDDCS
[LLM] MuddyViper C2 fingerprint: 'A WinHTTP Example Program/1.0' UA + distinctive URI paths · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] Scavenger Stealer C2 beacon to corroborated infrastructure (datahog.su / datalytica.su / smartscreen-api.com) · Bespoke · c2 · alerting · DSΣPDDCS
[LLM] Moq SponsorLink email exfil egress to cdn.devlooped.com / SponsorLink blob · Bespoke · c2 · hunting · DSΣPDDCS
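The install-hook entries above (interpreter spawned by a package manager, credential-store read, then off-registry egress within a short window) all describe the same three-event correlation. The Python below is an added illustration of that correlation, not one of the catalog's detections and not tied to any vendor's query language. The event schema, the package-manager and interpreter names, the registry allowlist, the credential paths, the 120-second window and the sample events are all constructed assumptions; a real deployment would feed it from EDR process, file and network telemetry and tune the allowlist to its own registries and mirrors.

```python
"""Correlate: package manager -> interpreter child -> credential-file read -> public,
off-registry egress within WINDOW_SECONDS. Added example; all inputs are constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Dict, List, Optional

# Assumed names; extend to match the tooling actually present on the fleet.
PACKAGE_MANAGERS = {"npm", "yarn", "pnpm", "pip", "pip3", "composer", "cargo"}
INTERPRETERS = {"node", "python", "python3", "bash", "sh", "bun"}
# Assumed allowlist of hosts an installer legitimately contacts.
REGISTRY_ALLOWLIST = {"registry.npmjs.org", "registry.yarnpkg.com", "pypi.org",
                      "files.pythonhosted.org", "packagist.org", "static.crates.io"}
# Assumed credential-store suffixes; match the stores your developers actually use.
CREDENTIAL_PATHS = (".npmrc", ".aws/credentials", ".git-credentials",
                    ".ssh/id_rsa", ".env", ".pypirc")
WINDOW_SECONDS = 120  # read -> egress window, mirrors the "within 120s" use cases


@dataclass
class Event:
    ts: float
    kind: str              # "spawn" | "file_read" | "connect"
    pid: int
    ppid: int = 0          # spawn only
    image: str = ""        # spawn only: executable basename
    path: str = ""         # file_read only
    dest_host: str = ""    # connect only
    dest_ip: str = ""      # connect only


def _is_public(ip: str) -> bool:
    # RFC 1918, loopback, link-local and documentation ranges are not "global".
    try:
        return ip_address(ip).is_global
    except ValueError:
        return False


def _is_credential_path(path: str) -> bool:
    return any(path.endswith(suffix) for suffix in CREDENTIAL_PATHS)


def detect(events: List[Event]) -> List[dict]:
    """Return one alert per interpreter pid that completes the full chain.
    Pid reuse inside the batch is ignored for brevity (assumption)."""
    events = sorted(events, key=lambda e: e.ts)
    image: Dict[int, str] = {}
    parent: Dict[int, int] = {}
    for e in events:                      # first pass: build the process tree
        if e.kind == "spawn":
            image[e.pid] = e.image
            parent[e.pid] = e.ppid

    def under_package_manager(pid: int) -> bool:
        p: Optional[int] = parent.get(pid)
        while p is not None:              # walk ancestors; unknown pid ends the walk
            if image.get(p) in PACKAGE_MANAGERS:
                return True
            p = parent.get(p)
        return False

    cred_reads: Dict[int, dict] = {}      # pid -> {"ts": first read, "paths": [...]}
    alerts: List[dict] = []
    for e in events:                      # second pass: stateful correlation
        if image.get(e.pid) not in INTERPRETERS or not under_package_manager(e.pid):
            continue
        if e.kind == "file_read" and _is_credential_path(e.path):
            state = cred_reads.setdefault(e.pid, {"ts": e.ts, "paths": []})
            state["paths"].append(e.path)
        elif e.kind == "connect" and e.pid in cred_reads:
            if e.dest_host in REGISTRY_ALLOWLIST or not _is_public(e.dest_ip):
                continue                  # registry traffic or internal address: expected
            elapsed = e.ts - cred_reads[e.pid]["ts"]
            if elapsed <= WINDOW_SECONDS:
                alerts.append({"pid": e.pid, "image": image[e.pid],
                               "credential_files": list(cred_reads[e.pid]["paths"]),
                               "dest_host": e.dest_host, "dest_ip": e.dest_ip,
                               "seconds_after_read": elapsed})
                del cred_reads[e.pid]     # one alert per pid
    return alerts


# Constructed sample telemetry: one benign install, one malicious hook, one late egress.
SAMPLE_EVENTS = [
    Event(0, "spawn", 100, ppid=1, image="npm"),
    Event(1, "spawn", 101, ppid=100, image="node"),
    Event(2, "connect", 101, dest_host="registry.npmjs.org", dest_ip="104.16.0.1"),
    Event(10, "spawn", 200, ppid=1, image="npm"),
    Event(11, "spawn", 201, ppid=200, image="sh"),          # postinstall shell
    Event(12, "spawn", 202, ppid=201, image="node"),
    Event(13, "file_read", 202, path="/home/dev/.npmrc"),
    Event(14, "file_read", 202, path="/home/dev/.aws/credentials"),
    Event(40, "connect", 202, dest_host="dead-drop.example", dest_ip="93.184.216.34"),
    Event(100, "spawn", 300, ppid=1, image="pip"),
    Event(101, "spawn", 301, ppid=300, image="python3"),
    Event(102, "file_read", 301, path="/home/dev/.pypirc"),
    Event(400, "connect", 301, dest_host="dead-drop.example", dest_ip="151.101.1.69"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Only pid 202 fires: the benign node child talks solely to the registry, and the pip-spawned interpreter egresses 298 seconds after its read, outside the window. That last case is the trade-off every entry above with a "within N seconds" clause makes; a hunting query over the same events with a wider window (or no window) catches the slow variant at the cost of more benign matches.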

Articles citing this technique (49)