MITRE ATT&CK Technique
Exfiltration
T1030
Description
An adversary may exfiltrate data in fixed size chunks instead of whole files or limit packet sizes below certain thresholds. This approach may be used to avoid triggering network data transfer threshold alerts.
Supported Platforms
Linux
macOS
Windows
ESXi
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2017-05-31T21:30:34.523Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': 'An adversary may exfiltrate data in fixed size chunks instead '
'of whole files or limit packet sizes below certain '
'thresholds. This approach may be used to avoid triggering '
'network data transfer threshold alerts.',
'external_references': [{'external_id': 'T1030',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1030'},
{'description': 'Gardiner, J., Cova, M., Nagaraja, '
'S. (2014, February). Command & '
'Control Understanding, Denying and '
'Detecting. Retrieved April 20, 2016.',
'source_name': 'University of Birmingham C2',
'url': 'https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf'}],
'id': 'attack-pattern--c3888c54-775d-4b2f-b759-75a2ececcbfd',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'exfiltration'}],
'modified': '2025-10-24T17:49:20.770Z',
'name': 'Data Transfer Size Limits',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': False,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['Linux', 'macOS', 'Windows', 'ESXi'],
'x_mitre_version': '1.1'}