Find sigma rule
Attack: Data Transfer Size Limits
An adversary may exfiltrate data in fixed size chunks instead of whole files or limit packet sizes below certain thresholds. This approach may be used to avoid triggering network data transfer threshold alerts.
MITRE
Tactic
- exfiltration
technique
- T1030
Test : Data Transfer Size Limits
OS
- macos
- linux
Description:
Take a file/directory, split it into 5Mb chunks
Executor
sh