Suspicious Data Movement

Description

This anomaly groups multiple detection methods for suspicious data movement (e.g., a user sending email to themselves, external DLP alarms).

Content Mapping

This content is not mapped to any local saved search.

Use Case

Advanced Threat Detection, Insider Threat

Category

Lateral Movement, Endpoint Compromise, Data Exfiltration

Alert Volume

Low

SPL Difficulty

None

Journey

Stage 6

MITRE ATT&CK Tactics

Collection
Exfiltration

MITRE ATT&CK Techniques

Data from Information Repositories
Data from Network Shared Drive
Exfiltration Over C2 Channel
Exfiltration Over Alternative Protocol
Exfiltration
Exfiltration Over Other Network Medium
Collection

MITRE Threat Groups

APT3
APT32
BRONZE BUTLER
FIN6
Frankenstein
Gamaredon Group
Ke3chang
Kimsuky
Lazarus Group
MuddyWater
Sandworm Team
Soft Cell
Sowbug
Stealth Falcon
Turla
Wizard Spider
menuPass

Data Sources

Network Communication
DLP
Email
Endpoint Detection and Response
Web Proxy