Suspicious Data Movement

Description

This anomaly groups multiple detection methods that surround suspicious data movement (for example, a user sending email to their own external address, or alarms raised by an external DLP system).

Content Mapping

This content is not mapped to any local saved search.

Use Case

Advanced Threat Detection, Insider Threat

Category

Data Exfiltration, Endpoint Compromise, Lateral Movement

Alert Volume

Low

Journey

Stage 6

MITRE ATT&CK Tactics

Collection
Exfiltration

MITRE ATT&CK Techniques

Data from Information Repositories
Data from Network Shared Drive
Exfiltration Over C2 Channel
Exfiltration Over Alternative Protocol
Exfiltration
Exfiltration Over Other Network Medium
Collection

MITRE Threat Groups

APT3
APT32
BRONZE BUTLER
FIN6
Frankenstein
Gamaredon Group
Ke3chang
Kimsuky
Lazarus Group
MuddyWater
Sandworm Team
Soft Cell
Sowbug
Stealth Falcon
Turla
Wizard Spider
menuPass

Data Sources

DLP
Endpoint Detection and Response
Email
Network Communication
Web Proxy