Exfiltration Over Web Service: Exfiltration to Code Repository (T1567.001)

Tactic: Exfiltration · Platforms: ESXi, Linux, macOS, Windows

The interactive view maps 1 detection strategy, 1 mitigation, 2 software entries to this technique, alongside D3FEND countermeasures and data-component coverage.

Sub-technique of Exfiltration Over Web Service (T1567).

Overview

Adversaries may exfiltrate data to a code repository rather than over their primary command and control channel. Code repositories are often accessible via an API (ex: https://api.github.com). Access to these APIs are often over HTTPS, which gives the adversary an additional level of protection.

Exfiltration to a code repository can also provide a significant amount of cover to the adversary if it is a popular service already used by hosts within the network.

Explore