Data Export From MSSQL Table Via BCP.EXE (c615d676-f655-46b9-b913-78729021e5d7)
Detects execution of the BCP utility to export data from the database. Attackers have been seen saving their malware to a database column or table and later extracting it into a file via "bcp.exe".
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) | Attack Pattern | Data Export From MSSQL Table Via BCP.EXE (c615d676-f655-46b9-b913-78729021e5d7) | Sigma-Rules | 1 |