216.73.217.22

T1030: T1030

View on MITRE ATT&CK The MITRE Corporation · Published 16/12/2025 19:38 · Modified 17/04/2026 12:45

Essential information

MITRE technique ID
T1030
Confidence
100/100
Revoked
No
Published
16/12/2025 19:38
Modified
17/04/2026 12:45
Author / Source
The MITRE Corporation

Aliases

Data Transfer Size Limits

Platforms

windows macos linux ESXi

Description

An adversary may exfiltrate data in fixed size chunks instead of whole files or limit packet sizes below certain thresholds. This approach may be used to avoid triggering network data transfer threshold alerts.

Kill chain phases

Kill chainPhase
mitre-attack exfiltration

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (13)

  • UNC5820 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:03 · Modified 21/12/2025 08:03
  • Kimsuky uses Black BansheeVelvet Chollima
    The MITRE Corporation Confidence 100

    [Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
  • play uses
    The MITRE Corporation Confidence 100

    Initially observed in June 2022, the Play ransomware (a.k.a PlayCrypt) operates through double extortion, targeting numerous organizations in Latin America. Its Initial Access method is quite similar to …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • CozyDuke uses IRON RITUALIRON HEMLOCK
    The MITRE Corporation Confidence 100

    [APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
  • Bitter uses T-APT-17
    The MITRE Corporation Confidence 100

    [BITTER](https://attack.mitre.org/groups/G1002) is a suspected South Asian cyber espionage threat group that has been active since at least 2013. [BITTER](https://attack.mitre.org/groups/G1002) has targeted government, energy, and engineering organizations in Pakistan, …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 09/04/2026 20:05
  • Blackwood uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 02:55 · Modified 21/12/2025 02:55
  • LuminousMoth uses
    The MITRE Corporation Confidence 100

    [LuminousMoth](https://attack.mitre.org/groups/G1014) is a Chinese-speaking cyber espionage group that has been active since at least October 2020. [LuminousMoth](https://attack.mitre.org/groups/G1014) has targeted high-profile organizations, including government entities, in Myanmar, the Philippines, …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • APT41 uses Wicked PandaBrass Typhoon
    The MITRE Corporation Confidence 100

    [APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • Worok uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 22:03 · Modified 20/12/2025 22:03
  • APT28 uses IRON TWILIGHTSNAKEMACKEREL
    The MITRE Corporation Confidence 100

    [APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 08/04/2026 13:02
  • MUSTANG PANDA uses BRONZE PRESIDENTSTATELY TAURUS
    The MITRE Corporation Confidence 100

    [Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that has been conducting operations since at least 2012. [Mustang Panda](https://attack.mitre.org/groups/G0129) has been known to use tailored phishing lures …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 22/05/2026 04:12
  • Threat Group-3390 uses Earth SmilodonTG-3390
    The MITRE Corporation Confidence 100

    [Threat Group-3390](https://attack.mitre.org/groups/G0027) is a Chinese threat group that has extensively used strategic Web compromises to target victims.(Citation: Dell TG-3390) The group has been active since at least 2010 …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • Icarus related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 23/06/2026 11:20 · Modified 23/06/2026 11:20

Malware (32)

  • KoboldLoader
  • Robin Banks
  • 64677CAE14A2EC4D393A81548417B61B uses
    Family
    Published 27/03/2025 21:47 · Modified 27/03/2025 21:47
  • Kevin
  • OopsIE
  • GoldPickaxe uses
    Family
    Published 20/02/2025 20:48 · Modified 20/02/2025 20:48
  • Roarur uses
    Family
    Published 20/05/2026 17:45 · Modified 20/05/2026 17:45
  • HookSpoofer
  • Agent Racoon
  • POSHSPY
  • UniShadowTrade uses
    Family
    Published 04/10/2024 10:27 · Modified 04/10/2024 10:27
  • Ntospy
  • CGrabber Stealer uses
    Family
    Published 17/04/2026 09:21 · Modified 17/04/2026 09:21
  • Carbanak
  • Virlock
  • Almond
  • ZxxZ
  • Hydraq - S0203 uses
    Family
    Published 20/05/2026 17:45 · Modified 20/05/2026 17:45
  • LithiumLoader
  • AppleSeed
  • ObliqueRAT
  • LunarWeb uses
    Family
    Published 16/05/2024 09:35 · Modified 16/05/2024 09:35
  • StealBit
  • Kessel
  • Mimilite
  • MuuyDownloader
  • RDAT uses
    Family The MITRE Corporation Confidence 100

    [RDAT](https://attack.mitre.org/software/S0495) is a backdoor used by the suspected Iranian threat group [OilRig](https://attack.mitre.org/groups/G0049). [RDAT](https://attack.mitre.org/software/S0495) was originally identified in 2017 and targeted companies in the telecommunications sector.(Citation: Unit42 RDAT July …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:36 · Modified 27/03/2026 01:03
  • Direct-Sys Loader uses
    Family
    Published 17/04/2026 09:21 · Modified 17/04/2026 09:21
  • MagnetLoader
  • Helminth
  • Cobalt Strike uses
    Family
    Published 16/12/2024 14:25 · Modified 16/12/2024 14:25
  • Gootloader uses
    Family
    Published 12/06/2026 21:29 · Modified 12/06/2026 21:29

Reports (8)

Vulnerabilities (CVE) (2)

CVE-2018-0798 KEV

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code …

Published
03/11/2021
Modified
27/05/2026
CVE-2024-47575 KEV
9.8 Critical

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager …

Attack vector
Network
Published
23/10/2024
Modified
21/12/2025
Analyzed

Tool (2)

  • Mythic uses
    The MITRE Corporation Confidence 100

    [Mythic](https://attack.mitre.org/software/S0699) is an open source, cross-platform post-exploitation/command and control platform. [Mythic](https://attack.mitre.org/software/S0699) is designed to "plug-n-play" with various agents and communication channels.(Citation: Mythic Github)(Citation: Mythic SpecterOps)(Citation: Mythc Documentation) Deployed …

    Published 26/03/2022 02:38 · Modified 27/03/2026 01:07
  • Rclone uses
    The MITRE Corporation Confidence 100

    [Rclone](https://attack.mitre.org/software/S1040) is a command line program for syncing files with cloud storage services such as Dropbox, Google Drive, Amazon S3, and MEGA. [Rclone](https://attack.mitre.org/software/S1040) has been used in a …

    Published 16/12/2025 19:37 · Modified 27/03/2026 01:07

Course Of Action (1)

  • Network Intrusion Prevention mitigates

Campaign (2)

  • C0015 uses
  • C0026 uses