Find sigma rule

Attack: Data Transfer Size Limits

An adversary may exfiltrate data in fixed size chunks instead of whole files or limit packet sizes below certain thresholds. This approach may be used to avoid triggering network data transfer threshold alerts.

MITRE

Tactic

exfiltration

technique

T1030

Test : Network-Based Data Transfer in Small Chunks

OS

windows

Description:

Simulate transferring data over a network in small chunks to evade detection.

Executor

powershell

Sigma Rule

back

sigma_redcanaryco

Knowing which rule should trigger according to the redcannary test