216.73.217.22

T1567.001: T1567.001

View on MITRE ATT&CK The MITRE Corporation · Published 16/12/2025 19:38 · Modified 30/03/2026 12:12

Essential information

MITRE technique ID
T1567.001
Confidence
100/100
Revoked
No
Published
16/12/2025 19:38
Modified
30/03/2026 12:12
Author / Source
The MITRE Corporation

Aliases

Exfiltration to Code Repository

Platforms

windows macos linux ESXi

Description

Adversaries may exfiltrate data to a code repository rather than over their primary command and control channel. Code repositories are often accessible via an API (ex: https://api.github.com). Access to these APIs are often over HTTPS, which gives the adversary an additional level of protection. Exfiltration to a code repository can also provide a significant amount of cover to the adversary if it is a popular service already used by hosts within the network.

Kill chain phases

Kill chainPhase
mitre-attack exfiltration

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.