Exfiltration, Tactic TA0010 - Enterprise

<!DOCTYPE html> <html lang='en'> <head> <script async src="https://www.googletagmanager.com/gtag/js?id=UA-62667723-1"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-62667723-1'); </script> <meta name="google-site-verification" content="2oJKLqNN62z6AOCb0A0IXGtbQuj-lev5YPAHFF_cbHQ"/> <meta charset='utf-8'> <meta name='viewport' content='width=device-width, initial-scale=1, shrink-to-fit=no'> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <link rel='shortcut icon' href="/versions/v9/theme/favicon.ico" type='image/x-icon'> <title>Exfiltration, Tactic TA0010 - Enterprise | MITRE ATT&CK®</title>  <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap.min.css" /> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap-glyphicon.min.css" /> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap-tourist.css" /> <link rel="stylesheet" type="text/css" href="/versions/v9/theme/style.min.css?426cc53a"> </head> <body>  <header> <nav class='navbar navbar-expand-lg navbar-dark fixed-top'> <a class='navbar-brand' href="/versions/v9/"><img src="/versions/v9/theme/images/mitre_attack_logo.png" class="attack-logo"></a> <button class='navbar-toggler' type='button' data-toggle='collapse' data-target='#navbarCollapse' aria-controls='navbarCollapse' aria-expanded='false' aria-label='Toggle navigation'> <span class='navbar-toggler-icon'></span> </button> <div class='collapse navbar-collapse' id='navbarCollapse'> <ul class='nav nav-tabs ml-auto'> <li class="nav-item"> <a href="/versions/v9/matrices/" class="nav-link" ><b>Matrices</b></a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/tactics/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Tactics</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/tactics/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v9/tactics/mobile/">Mobile</a> </div> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/techniques/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Techniques</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/techniques/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v9/techniques/mobile/">Mobile</a> </div> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/mitigations/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Mitigations</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/mitigations/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v9/mitigations/mobile/">Mobile</a> </div> </li> <li class="nav-item"> <a href="/versions/v9/groups" class="nav-link" ><b>Groups</b></a> </li> <li class="nav-item"> <a href="/versions/v9/software/" class="nav-link" ><b>Software</b></a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/resources/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Resources</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/resources/">General Information</a> <a class="dropdown-item" href="/versions/v9/resources/getting-started/">Getting Started</a> <a class="dropdown-item" href="/versions/v9/resources/training/">Training</a> <a class="dropdown-item" href="/versions/v9/resources/attackcon/">ATT&CKcon</a> <a class="dropdown-item" href="/versions/v9/resources/working-with-attack/">Working with ATT&CK</a> <a class="dropdown-item" href="/versions/v9/resources/faq/">FAQ</a> <a class="dropdown-item" href="/resources/updates/">Updates</a> <a class="dropdown-item" href="/resources/versions/">Versions of ATT&CK</a> <a class="dropdown-item" href="/versions/v9/resources/related-projects/">Related Projects</a> </div> </li> <li class="nav-item"> <a href="https://medium.com/mitre-attack/" target="_blank" class="nav-link"> <b>Blog</b>  <img src="/versions/v9/theme/images/external-site.svg" alt="External site" class="external-icon" /> </a> </li> <li class="nav-item"> <a href="/versions/v9/resources/contribute/" class="nav-link" ><b>Contribute</b></a> </li> <li class="nav-item"> <button id="search-button" class="btn search-button">Search <div class="search-icon"></div></button> </li> </ul> </div> </nav> </header>  <div class="container-fluid version-banner"><div class="icon-inline baseline mr-1"><img src="/versions/v9/theme/images/icon-warning-24px.svg"></div>Currently viewing <a href="https://github.com/mitre/cti/releases/tag/ATT%26CK-v9.0" target="_blank">ATT&CK v9.0</a> which was live between April 29, 2021 and October 20, 2021. <a href="/resources/versions/">Learn more about the versioning system</a> or <a href="/">see the live site</a>.</div> <div id='content' class="maincontent">  <div class='container-fluid h-100'> <div class='row h-100'> <div class="nav flex-column col-xl-2 col-lg-3 col-md-3 sidebar nav pt-5 pb-3 pl-3 border-right" id="v-tab" role="tablist" aria-orientation="vertical">  <div class="group-nav-desktop-view"> <span class="heading" id="v-home-tab" aria-selected="false">TACTICS</span> <div class="sidenav"> <div class="sidenav-head " id="enterprise"> <a href="/versions/v9/tactics/enterprise/"> Enterprise </a> <div class="expand-button collapsed" id="enterprise-header" data-toggle="collapse" data-target="#enterprise-body" aria-expanded="false" aria-controls="#enterprise-body"></div> </div> <div class="sidenav-body collapse" id="enterprise-body" aria-labelledby="enterprise-header"> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Reconnaissance"> <a href="/versions/v9/tactics/TA0043/"> Reconnaissance </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Resource Development"> <a href="/versions/v9/tactics/TA0042/"> Resource Development </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Initial Access"> <a href="/versions/v9/tactics/TA0001/"> Initial Access </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Execution"> <a href="/versions/v9/tactics/TA0002/"> Execution </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Persistence"> <a href="/versions/v9/tactics/TA0003/"> Persistence </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Privilege Escalation"> <a href="/versions/v9/tactics/TA0004/"> Privilege Escalation </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Defense Evasion"> <a href="/versions/v9/tactics/TA0005/"> Defense Evasion </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Credential Access"> <a href="/versions/v9/tactics/TA0006/"> Credential Access </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Discovery"> <a href="/versions/v9/tactics/TA0007/"> Discovery </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Lateral Movement"> <a href="/versions/v9/tactics/TA0008/"> Lateral Movement </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Collection"> <a href="/versions/v9/tactics/TA0009/"> Collection </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Command and Control"> <a href="/versions/v9/tactics/TA0011/"> Command and Control </a> </div> </div> <div class="sidenav"> <div class="sidenav-head active" id="enterprise-Exfiltration"> <a href="/versions/v9/tactics/TA0010/"> Exfiltration </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Impact"> <a href="/versions/v9/tactics/TA0040/"> Impact </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="mobile"> <a href="/versions/v9/tactics/mobile/"> Mobile </a> <div class="expand-button collapsed" id="mobile-header" data-toggle="collapse" data-target="#mobile-body" aria-expanded="false" aria-controls="#mobile-body"></div> </div> <div class="sidenav-body collapse" id="mobile-body" aria-labelledby="mobile-header"> <div class="sidenav"> <div class="sidenav-head" id="mobile-Initial Access"> <a href="/versions/v9/tactics/TA0027/"> Initial Access </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Execution"> <a href="/versions/v9/tactics/TA0041/"> Execution </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Persistence"> <a href="/versions/v9/tactics/TA0028/"> Persistence </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Privilege Escalation"> <a href="/versions/v9/tactics/TA0029/"> Privilege Escalation </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Defense Evasion"> <a href="/versions/v9/tactics/TA0030/"> Defense Evasion </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Credential Access"> <a href="/versions/v9/tactics/TA0031/"> Credential Access </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Discovery"> <a href="/versions/v9/tactics/TA0032/"> Discovery </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Lateral Movement"> <a href="/versions/v9/tactics/TA0033/"> Lateral Movement </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Collection"> <a href="/versions/v9/tactics/TA0035/"> Collection </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Command and Control"> <a href="/versions/v9/tactics/TA0037/"> Command and Control </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Exfiltration"> <a href="/versions/v9/tactics/TA0036/"> Exfiltration </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Impact"> <a href="/versions/v9/tactics/TA0034/"> Impact </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Network Effects"> <a href="/versions/v9/tactics/TA0038/"> Network Effects </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Remote Service Effects"> <a href="/versions/v9/tactics/TA0039/"> Remote Service Effects </a> </div> </div> </div> </div> </div>  </div> <div class="tab-content col-xl-10 col-lg-9 col-md-9 pt-4" id="v-tabContent"> <div class="tab-pane fade show active" id="v-attckmatrix" role="tabpanel" aria-labelledby="v-attckmatrix-tab"> <ol class="breadcrumb"> <li class="breadcrumb-item"><a href="/versions/v9/">Home</a></li> <li class="breadcrumb-item"><a href="/versions/v9/tactics/enterprise">Tactics</a></li> <li class="breadcrumb-item"><a href="/versions/v9/tactics/enterprise">Enterprise</a></li> <li class="breadcrumb-item">Exfiltration</li> </ol> <div class="tab-pane fade show active" id="v-" role="tabpanel" aria-labelledby="v--tab"></div> <div class="row"> <div class="col-xl-12"> <div class="jumbotron jumbotron-fluid"> <div class="container-fluid"> <h1> Exfiltration </h1> <div class="row"> <div class="col-md-8"> <div class="description-body"> <p>The adversary is trying to steal data.</p><p>Exfiltration consists of techniques that adversaries may use to steal data from your network. Once they鈥檝e collected data, adversaries often package it to avoid detection while removing it. This can include compression and encryption. Techniques for getting data out of a target network typically include transferring it over their command and control channel or an alternate channel and may also include putting size limits on the transmission.</p> </div> </div> <div class="col-md-4"> <div class="card"> <div class="card-body"> <div class="card-data"><span class="h5 card-title">ID:</span> TA0010</div> <div class="card-data"><span class="h5 card-title">Created: </span>17 October 2018</div> <div class="card-data"><span class="h5 card-title">Last Modified: </span>19 July 2019</div> </div> </div> <div class="text-center pt-2 version-button permalink"> <div class="live"> <a data-toggle="tooltip" data-placement="bottom" title="Permalink to this version of TA0010" href="/versions/v9/tactics/TA0010/" data-test-ignore="true">Version Permalink</a> </div> <div class="permalink"> <a data-toggle="tooltip" data-placement="bottom" title="Go to the live version of TA0010" href="/tactics/TA0010/" data-test-ignore="true">Live Version</a> </div> </div> </div> </div> <h2 class="pt-3" id ="techniques">Techniques</h2><h6 class="table-object-count">Techniques: 9</h6> <table class="table-techniques"> <thead> <tr> <td colspan="2">ID</td> <td>Name</td> <td>Description</td> </tr> </thead> <tbody> <tr class="technique"> <td colspan="2"> <a href="/versions/v9/techniques/T1020"> T1020 </a> </td> <td> <a href="/versions/v9/techniques/T1020"> Automated Exfiltration </a> </td> <td> Adversaries may exfiltrate data, such as sensitive documents, through the use of automated processing after being gathered during Collection. </td> </tr> <tr class="sub technique"> <td></td> <td> <a href="/versions/v9/techniques/T1020/001"> .001 </a> </td> <td> <a href="/versions/v9/techniques/T1020/001"> Traffic Duplication </a> </td> <td> Adversaries may leverage traffic mirroring in order to automate data exfiltration over compromised network infrastructure. Traffic mirroring is a native feature for some network devices and used for network analysis and may be configured to duplicate traffic and forward to one or more destinations for analysis by a network analyzer or other monitoring device. </td> </tr> <tr class="technique"> <td colspan="2"> <a href="/versions/v9/techniques/T1030"> T1030 </a> </td> <td> <a href="/versions/v9/techniques/T1030"> Data Transfer Size Limits </a> </td> <td> An adversary may exfiltrate data in fixed size chunks instead of whole files or limit packet sizes below certain thresholds. This approach may be used to avoid triggering network data transfer threshold alerts. </td> </tr> <tr class="technique"> <td colspan="2"> <a href="/versions/v9/techniques/T1048"> T1048 </a> </td> <td> <a href="/versions/v9/techniques/T1048"> Exfiltration Over Alternative Protocol </a> </td> <td> Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server. </td> </tr> <tr class="sub technique"> <td></td> <td> <a href="/versions/v9/techniques/T1048/001"> .001 </a> </td> <td> <a href="/versions/v9/techniques/T1048/001"> Exfiltration Over Symmetric Encrypted Non-C2 Protocol </a> </td> <td> Adversaries may steal data by exfiltrating it over a symmetrically encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server. </td> </tr> <tr class="sub technique"> <td></td> <td> <a href="/versions/v9/techniques/T1048/002"> .002 </a> </td> <td> <a href="/versions/v9/techniques/T1048/002"> Exfiltration Over Asymmetric Encrypted Non-C2 Protocol </a> </td> <td> Adversaries may steal data by exfiltrating it over an asymmetrically encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server. </td> </tr> <tr class="sub technique"> <td></td> <td> <a href="/versions/v9/techniques/T1048/003"> .003 </a> </td> <td> <a href="/versions/v9/techniques/T1048/003"> Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol </a> </td> <td> Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server. </td> </tr> <tr class="technique"> <td colspan="2"> <a href="/versions/v9/techniques/T1041"> T1041 </a> </td> <td> <a href="/versions/v9/techniques/T1041"> Exfiltration Over C2 Channel </a> </td> <td> Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications. </td> </tr> <tr class="technique"> <td colspan="2"> <a href="/versions/v9/techniques/T1011"> T1011 </a> </td> <td> <a href="/versions/v9/techniques/T1011"> Exfiltration Over Other Network Medium </a> </td> <td> Adversaries may attempt to exfiltrate data over a different network medium than the command and control channel. If the command and control network is a wired Internet connection, the exfiltration may occur, for example, over a WiFi connection, modem, cellular data connection, Bluetooth, or another radio frequency (RF) channel. </td> </tr> <tr class="sub technique"> <td></td> <td> <a href="/versions/v9/techniques/T1011/001"> .001 </a> </td> <td> <a href="/versions/v9/techniques/T1011/001"> Exfiltration Over Bluetooth </a> </td> <td> Adversaries may attempt to exfiltrate data over Bluetooth rather than the command and control channel. If the command and control network is a wired Internet connection, an attacker may opt to exfiltrate data using a Bluetooth communication channel. </td> </tr> <tr class="technique"> <td colspan="2"> <a href="/versions/v9/techniques/T1052"> T1052 </a> </td> <td> <a href="/versions/v9/techniques/T1052"> Exfiltration Over Physical Medium </a> </td> <td> Adversaries may attempt to exfiltrate data via a physical medium, such as a removable drive. In certain circumstances, such as an air-gapped network compromise, exfiltration could occur via a physical medium or device introduced by a user. Such media could be an external hard drive, USB drive, cellular phone, MP3 player, or other removable storage and processing device. The physical medium or device could be used as the final exfiltration point or to hop between otherwise disconnected systems. </td> </tr> <tr class="sub technique"> <td></td> <td> <a href="/versions/v9/techniques/T1052/001"> .001 </a> </td> <td> <a href="/versions/v9/techniques/T1052/001"> Exfiltration over USB </a> </td> <td> Adversaries may attempt to exfiltrate data over a USB connected physical device. In certain circumstances, such as an air-gapped network compromise, exfiltration could occur via a USB device introduced by a user. The USB device could be used as the final exfiltration point or to hop between otherwise disconnected systems. </td> </tr> <tr class="technique"> <td colspan="2"> <a href="/versions/v9/techniques/T1567"> T1567 </a> </td> <td> <a href="/versions/v9/techniques/T1567"> Exfiltration Over Web Service </a> </td> <td> Adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command and control channel. Popular Web services acting as an exfiltration mechanism may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to compromise. Firewall rules may also already exist to permit traffic to these services. </td> </tr> <tr class="sub technique"> <td></td> <td> <a href="/versions/v9/techniques/T1567/001"> .001 </a> </td> <td> <a href="/versions/v9/techniques/T1567/001"> Exfiltration to Code Repository </a> </td> <td> Adversaries may exfiltrate data to a code repository rather than over their primary command and control channel. Code repositories are often accessible via an API (ex: https://api.github.com). Access to these APIs are often over HTTPS, which gives the adversary an additional level of protection. </td> </tr> <tr class="sub technique"> <td></td> <td> <a href="/versions/v9/techniques/T1567/002"> .002 </a> </td> <td> <a href="/versions/v9/techniques/T1567/002"> Exfiltration to Cloud Storage </a> </td> <td> Adversaries may exfiltrate data to a cloud storage service rather than over their primary command and control channel. Cloud storage services allow for the storage, edit, and retrieval of data from a remote cloud storage server over the Internet. </td> </tr> <tr class="technique"> <td colspan="2"> <a href="/versions/v9/techniques/T1029"> T1029 </a> </td> <td> <a href="/versions/v9/techniques/T1029"> Scheduled Transfer </a> </td> <td> Adversaries may schedule data exfiltration to be performed only at certain times of day or at certain intervals. This could be done to blend traffic patterns with normal activity or availability. </td> </tr> <tr class="technique"> <td colspan="2"> <a href="/versions/v9/techniques/T1537"> T1537 </a> </td> <td> <a href="/versions/v9/techniques/T1537"> Transfer Data to Cloud Account </a> </td> <td> Adversaries may exfiltrate data by transferring the data, including backups of cloud environments, to another cloud account they control on the same service to avoid typical file transfers/downloads and network-based exfiltration detection. </td> </tr> </tbody> </table> </div> </div> </div> </div> </div> </div> </div> </div>  <div class="overlay search" id="search-overlay" style="display: none;"> <div class="overlay-inner">  <div class="search-header"> <div class="search-input"> <input type="text" id="search-input" placeholder="search"> </div> <div class="search-icons"> <div class="search-parsing-icon spinner-border" style="display: none" id="search-parsing-icon"></div> <div class="close-search-icon" id="close-search-icon">×</div> </div> </div>  <div id="search-body" class="search-body"> <div class="results" id="search-results">  </div> <div id="load-more-results" class="load-more-results"> <button class="btn btn-default" id="load-more-results-button">load more results</button> </div> </div> </div> </div> </div> <footer class="footer p-3"> <div class="container-fluid"> <div class="row"> <div class="col-4 col-sm-4 col-md-3"> <div class="footer-center-responsive my-auto"> <a href="https://www.mitre.org" target="_blank" rel="noopener" aria-label="MITRE"> <img src="/versions/v9/theme/images/mitrelogowhiteontrans.gif" class="mitre-logo-wtrans"> </a> </div> </div> <div class="col-2 col-sm-2 footer-responsive-break"></div> <div class="col-6 col-sm-6 text-center"> <p> 漏 2015-2021, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. </p> <div class="row"> <div class="col text-right"> <small> <a href="/versions/v9/resources/privacy" class="footer-link">Privacy Policy</a> </small> </div> <div class="col text-center"> <small> <a href="/versions/v9/resources/terms-of-use" class="footer-link">Terms of Use</a> </small> </div> <div class="col text-left "> <small> <a href="/versions/v9/resources/changelog.html" class="footer-link" data-toggle="tooltip" data-placement="top" title="ATT&CK content version 9.0Website version 3.3.1">ATT&CK v9.0</a> </small> </div> </div> </div> <div class="w-100 p-2 footer-responsive-break"></div> <div class="col"> <div class="footer-float-right-responsive-brand"> <div class="mb-1"> <a href="https://twitter.com/MITREattack" class="btn btn-primary w-100">  <img src="/versions/v9/theme/images/twitter.png" class="mr-1 twitter-icon"> <b>@MITREattack</b> </a> </div> <div class=""> <a href="/versions/v9/contact" class="btn btn-primary w-100"> Contact </a> </div> </div> </div> </div> </div> </div> </footer> </div>  <script src="/versions/v9/theme/scripts/jquery-3.5.1.min.js"></script> <script src="/versions/v9/theme/scripts/popper.min.js"></script> <script src="/versions/v9/theme/scripts/bootstrap.bundle.min.js"></script> <script src="/versions/v9/theme/scripts/site.js"></script> <script src="/versions/v9/theme/scripts/flexsearch.es5.js"></script> <script src="/versions/v9/theme/scripts/localforage.min.js"></script> <script src="/versions/v9/theme/scripts/settings.js?6525"></script> <script src="/versions/v9/theme/scripts/search_babelized.js"></script>  <script src="/versions/v9/theme/scripts/navigation.js"></script> </body> </html>

CINXE.COM

Exfiltration, Tactic TA0010 - Enterprise | MITRE ATT&CK®