Find sigma rule

Attack: Data Transfer Size Limits

An adversary may exfiltrate data in fixed size chunks instead of whole files or limit packet sizes below certain thresholds. This approach may be used to avoid triggering network data transfer threshold alerts.

MITRE

Tactic

exfiltration

technique

T1030

Test : Data Transfer Size Limits

OS

macos
linux

Description:

Take a file/directory, split it into 5Mb chunks

Executor

Sigma Rule

back

sigma_redcanaryco

Knowing which rule should trigger according to the redcannary test