T1020 - Automated Exfiltration
Tactics:
Exfiltration
Exfiltration
Platforms:
Linux macOS Network Devices Windows
Linux macOS Network Devices Windows
Detection:
Not specified
Not specified
Description:
Adversaries may exfiltrate data, such as sensitive documents, through the use of automated processing after being gathered during Collection.(Citation: ESET Gamaredon June 2020)
When automated exfiltration is used, other exfiltration techniques likely apply as well to transfer the information out of the network, such as [Exfiltration Over C2 Channel](https://attack.mitre.org/techniques/T1041) and [Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048).
When automated exfiltration is used, other exfiltration techniques likely apply as well to transfer the information out of the network, such as [Exfiltration Over C2 Channel](https://attack.mitre.org/techniques/T1041) and [Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048).
Used by Actors (6)
Malware (20)
StrongPity other
Hannotog other
CosmicDuke other
Machete other
Doki other
Rover other
LightNeuron other
Peppy other
TINYTYPHON other
Attor other
Crutch other
StrelaStealer other
USBStealer other
TajMahal other
Raccoon Stealer other
Solar other
OutSteel other
Ebury other
ShimRatReporter tool
Empire tool
Metadata
| MITRE ID: | T1020 |
| STIX ID: | attack-pattern--774a3188-6ba9-... |
| Platforms: | Linux, macOS, Network Devices, Windows |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |