Clankerusecase
MITRE ATT&CK detection coverage

T1048 Exfiltration Over Alternative Protocol

T1048 — Exfiltration Over Alternative Protocol is a MITRE ATT&CK technique in the Exfiltration tactic. Clankerusecase tracks 6 detection use cases covering it and 1 threat-intel article citing it.

Exfiltration
6 Use cases
1 Articles
3 Sub-techniques
1 Tactic

Sub-techniques (3)

Use cases covering this technique (6)

Ollama Possible Model Exfiltration Data Leakage (ESCU actions · hunting)
O365 DLP Rule Triggered (ESCU actions · hunting)
DNS Exfiltration Using Nslookup App (ESCU actions · alerting)
Excessive Usage of NSLOOKUP App (ESCU actions · hunting)
Prohibited Network Traffic Allowed (ESCU actions · alerting)
[LLM] WinSCP or Rclone exfiltration from end-user workstations (Bespoke actions · hunting)

Articles citing this technique (1)