T1041 - Exfiltration Over C2 Channel
Tactics:
Exfiltration
Exfiltration
Platforms:
ESXi Linux macOS Windows
ESXi Linux macOS Windows
Detection:
Not specified
Not specified
Description:
Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.
Used by Actors (20)
APT3
Nation-state
Nation-state
Lazarus Group
Nation-state
Nation-state
Stealth Falcon
Nation-state
Nation-state
Gamaredon Group
Unknown
Unknown
APT32
Nation-state
Nation-state
Kimsuky
Nation-state
Nation-state
MuddyWater
Nation-state
Nation-state
MUSTANG PANDA
Nation-state
Nation-state
WIZARD SPIDER
Nation-state
Nation-state
APT39
Unknown
Unknown
Higaisa
Nation-state
Nation-state
GALLIUM
Unknown
Unknown
Scattered Spider
Unknown
Unknown
Winter Vivern
Unknown
Unknown
LuminousMoth
Unknown
Unknown
Sandworm Team
Unknown
Unknown
Ke3chang
Unknown
Unknown
Leviathan
Unknown
Unknown
Chimera
Unknown
Unknown
CURIUM
Unknown
Unknown
Malware (20)
TrickBot other
BLINDINGCAN other
Pikabot other
Spark other
Bumblebee other
Amadey other
Proxysvc other
Torisma other
Stuxnet other
RotaJakiro other
KOPILUWAK other
Misdat other
HAWKBALL other
Ursnif other
ZLib other
InvisibleFerret other
Bankshot other
SharpDisco other
StrongPity other
AppleSeed other
Metadata
| MITRE ID: | T1041 |
| STIX ID: | attack-pattern--92d7da27-2d91-... |
| Platforms: | ESXi, Linux, macOS, Windows |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |