Suspicious Data Movement
Description
This anomaly groups multiple detection methods for suspicious data movement, such as a user sending email to their own external address or alarms raised by an external DLP system.
Use Case: Advanced Threat Detection, Insider Threat
Category: Lateral Movement, Endpoint Compromise, Data Exfiltration
Alert Volume: Low
SPL Difficulty: None
Journey: Stage 6
MITRE ATT&CK Tactics
Collection
Exfiltration
MITRE ATT&CK Techniques
Data from Information Repositories
Data from Network Shared Drive
Exfiltration Over C2 Channel
Exfiltration Over Alternative Protocol
Exfiltration
Exfiltration Over Other Network Medium
Collection
MITRE Threat Groups
APT3
APT32
BRONZE BUTLER
FIN6
Frankenstein
Gamaredon Group
Ke3chang
Kimsuky
Lazarus Group
MuddyWater
Sandworm Team
Soft Cell
Sowbug
Stealth Falcon
Turla
Wizard Spider
menuPass
Data Sources
Network Communication
DLP
Email
Endpoint Detection and Response
Web Proxy