GET /api/techniques/387/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 387,
"key": "exfiltration-via-smtp",
"unprotect_id": "U0912",
"name": "Exfiltration via SMTP",
"description": "Exfiltration via SMTP is a technique where attackers leverage the Simple Mail Transfer Protocol (SMTP) to exfiltrate data. This method involves sending stolen data, such as sensitive files or system information, via email to an attacker-controlled email account. By using email traffic, attackers can often bypass traditional network monitoring solutions since SMTP traffic is usually deemed legitimate.\r\n\r\nTo execute such exfiltration, attackers can embed hardcoded credentials within malware to connect to an email server. The malware sends the exfiltrated data as email attachments, taking advantage of popular SMTP providers like Gmail or Outlook to facilitate the transfer. The use of SSL/TLS encryption for securing emails further complicates detection efforts.\r\n\r\nAlthough this specific example is focused on data exfiltration, SMTP can also be adapted to function as a communication channel for C2 by encoding commands and responses within email messages.",
"windows": "",
"linux": "",
"macos": "",
"resources": "",
"creation_date": "2025-01-09T04:37:44.929568Z",
"tags": "Email, Exfiltration, SMTPabuse",
"modification_date": "2025-01-09T23:45:42.218871Z",
"category": [
9
],
"rules": [
164
],
"attachments": [],
"featured_api": [],
"contributors": [
49
]
}
