Can’t Touch This: Data Exfiltration via Finger
ATT&CK techniques detected
T1105 Ingress Tool Transfer
94%
“demonstrates how threat actors continue to integrate and repurpose freely available tools and techniques in their attacks. In addition to the “finger” commands, the IP address 185.56.83.82 was also used by the threat actor in both curl.exe and PowerShell commands to downloa…”
T1041 Exfiltration Over C2 Channel
84%
“a finger server or “daemon.” It was originally developed in 1971 to provide a means for users to query remote systems for a list of logged-in users. The finger protocol uses TCP port 79 to communicate, and it was originally developed for Unix systems. However, Windows systems…”
Summary
Threat actors frequently make use of native utilities during incidents. However, this blog post discusses a rarely observed means of data exfiltration.