T1011 — Exfiltration Over Other Network Medium

coverage gap

Technique

T1011

Tactics

Exfiltration

MISP citations

0

KEV CVEs mapped

4

Community rules

0

thrunt rules

0

Upstream

https://attack.mitre.org/techniques/T1011

MITRE description

Adversaries may attempt to exfiltrate data over a different network medium than the command and control channel. If the command and control network is a wired Internet connection, the exfiltration may occur, for example, over a WiFi connection, modem, cellular data connection, Bluetooth, or another radio frequency (RF) channel. Adversaries may choose to do this if they have sufficient access or proximity, and the connection might not be secured or defended as well as the primary Internet-connected channel because it is not routed through the same enterprise network.

KEV CVEs mapped to this technique

Per MITRE CTID's hand-curated KEV→ATT&CK mappings — these are the actively-exploited vulnerabilities behind this technique's KEV signal.

• CVE-2024-53150
• CVE-2024-50302
• CVE-2024-40891
• CVE-2024-40890

Detection coverage

No detection coverage exists for this technique — no SigmaHQ community rule carries its tag and thrunt has not authored one yet. Techniques on this list are exactly where hand-authoring effort goes next; see the rollup for the full queue.

Signal counts reflect the current corpus snapshot: MISP citations are regex-extracted from CIRCL OSINT event text and galaxy tags; KEV mappings come from MITRE CTID; community coverage is the SigmaHQ rule inventory (core, emerging-threats, threat-hunting collections) at release —. Rule bodies are not mirrored — links go upstream.