| ID | Name |
|---|---|
| ATAGS-T1203.001 | Exfiltration to Code Repository |
| ATAGS-T1203.002 | Exfiltration to Cloud Storage |
| ATAGS-T1203.003 | Exfiltration to Text Storage Sites |
| ATAGS-T1203.004 | Exfiltration Over Webhook |
Threat Actors may exfiltrate data to a code repository rather than over their primary command and control channel. Code repositories are often accessible via an API (ex: https://api.github.com). Access to these APIs are often over HTTPS, which gives the adversary an additional level of protection.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.