Find sigma rule
Attack: Data Transfer Size Limits
An adversary may exfiltrate data in fixed size chunks instead of whole files or limit packet sizes below certain thresholds. This approach may be used to avoid triggering network data transfer threshold alerts.
MITRE
Tactic
- exfiltration
technique
- T1030
Test : Network-Based Data Transfer in Small Chunks
OS
- windows
Description:
Simulate transferring data over a network in small chunks to evade detection.
Executor
powershell