Skip to content

Hide Navigation Hide TOC

Suspicious Outbound SMTP Connections (9976fa64-2804-423c-8a5b-646ade840773)

Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server.

Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious Outbound SMTP Connections (9976fa64-2804-423c-8a5b-646ade840773) Sigma-Rules Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 1
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 2