Data Exfiltration with Wget (cb39d16b-b3b6-4a7a-8222-1cf24b686ffc)

Detects attempts to post a file using the wget utility. An adversary can bypass permission restrictions through a misconfigured sudo permission for wget, which could allow them to read files such as /etc/shadow.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) | Attack Pattern | Data Exfiltration with Wget (cb39d16b-b3b6-4a7a-8222-1cf24b686ffc) | Sigma-Rules | 1 |
| Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) | Attack Pattern | Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) | Attack Pattern | 2 |