Outbound Network Traffic

Access Control Configuration

Access Control List

Access Token

Administrative Network Traffic

Alias

Application

Application Configuration

Application Configuration Database

Application Configuration Database Record

Application Configuration File

Application Layer Firewall

Application Process

Application Process Configuration

Application Rule

Application Shim

Archive File

Artifact Server

Asymmetric Key

Audio Input Device

Authenticate User

Authentication

Authentication Log

Authentication Server

Authentication Service

Authorization

Authorization Log

Authorization Service

Barcode Scanner Input Device

Binary Large Object

Binary Segment

Blob

Block Device

Boot Loader

Boot Record

Boot Sector

Browser

Browser Extension

Build Tool

Business Communication Platform Client

CA Certificate File

Call Stack

Certificate

Certificate File

Certificate Trust Store

Chatroom Client

Child Process

Client Application

Client Computer

Clipboard

Cloud Configuration

Cloud Instance Metadata

Cloud Service Authentication

Cloud Service Authorization

Cloud Storage

Cloud User Account

Code Analyzer

Code Repository

Collaborative Software

Command

Command History Log

Command History Log File

Command Line Interface

Compiler

Compiler Configuration File

Computing Server

Configuration Bearing Entity

Configuration File

Connect Socket

Container Build Tool

Container Image

Container Orchestration Software

Container Process

Container Runtime

Copy Token

Create File

Create Process

Create Socket

Create Thread

Credential

Credential Management System

Cryptographic Key

Custom Archive File

DNS Lookup

DNS Network Traffic

DNS Record

DNS Server

Data Artifact Server

Database

Database Query

Database Server

Decoy Artifact

Default User Account

Desktop Computer

Developer Application

Dial Up Modem

Digital Artifact

Digital System

Object Properties

name: Outbound Network Traffic
abbreviated IRI: d3f:OutboundNetworkTraffic
definition: Outbound traffic is network traffic originating from a host of interest (client), to another host (server).

Neighbors

OutboundNetworkTraffic has no direct neighbors in this release.

Inferred Relationships

This page is experimental and may change significantly in future releases.

Hierarchy

(filtered)

Related Countermeasure Techniques

graph LR; ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] --> | analyzes | NetworkTraffic["Network Traffic"]; class ProtocolMetadataAnomalyDetection DefensiveTechniqueNode; class NetworkTraffic ArtifactNode; click ProtocolMetadataAnomalyDetection href "/technique/d3f:ProtocolMetadataAnomalyDetection"; click NetworkTraffic href "/dao/artifact/d3f:NetworkTraffic";RemoteTerminalSessionDetection["Remote Terminal Session Detection"] --> | analyzes | NetworkTraffic["Network Traffic"]; class RemoteTerminalSessionDetection DefensiveTechniqueNode; class NetworkTraffic ArtifactNode; click RemoteTerminalSessionDetection href "/technique/d3f:RemoteTerminalSessionDetection"; click NetworkTraffic href "/dao/artifact/d3f:NetworkTraffic";Client-serverPayloadProfiling["Client-server Payload Profiling"] --> | analyzes | NetworkTraffic["Network Traffic"]; class Client-serverPayloadProfiling DefensiveTechniqueNode; class NetworkTraffic ArtifactNode; click Client-serverPayloadProfiling href "/technique/d3f:Client-serverPayloadProfiling"; click NetworkTraffic href "/dao/artifact/d3f:NetworkTraffic";NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] --> | analyzes | NetworkTraffic["Network Traffic"]; class NetworkTrafficCommunityDeviation DefensiveTechniqueNode; class NetworkTraffic ArtifactNode; click NetworkTrafficCommunityDeviation href "/technique/d3f:NetworkTrafficCommunityDeviation"; click NetworkTraffic href "/dao/artifact/d3f:NetworkTraffic";PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] --> | analyzes | NetworkTraffic["Network Traffic"]; class PerHostDownload-UploadRatioAnalysis DefensiveTechniqueNode; class NetworkTraffic ArtifactNode; click PerHostDownload-UploadRatioAnalysis href "/technique/d3f:PerHostDownload-UploadRatioAnalysis"; click NetworkTraffic href "/dao/artifact/d3f:NetworkTraffic";NetworkTrafficFiltering["Network Traffic Filtering"] --> | filters | NetworkTraffic["Network Traffic"]; class NetworkTrafficFiltering DefensiveTechniqueNode; class NetworkTraffic ArtifactNode; click NetworkTrafficFiltering href "/technique/d3f:NetworkTrafficFiltering"; click NetworkTraffic href "/dao/artifact/d3f:NetworkTraffic";UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] --> | analyzes | NetworkTraffic["Network Traffic"]; class UserGeolocationLogonPatternAnalysis DefensiveTechniqueNode; class NetworkTraffic ArtifactNode; click UserGeolocationLogonPatternAnalysis href "/technique/d3f:UserGeolocationLogonPatternAnalysis"; click NetworkTraffic href "/dao/artifact/d3f:NetworkTraffic";DNSTrafficAnalysis["DNS Traffic Analysis"] --> | analyzes | OutboundInternetDNSLookupTraffic["Outbound Internet DNS Lookup Traffic"]; class DNSTrafficAnalysis DefensiveTechniqueNode; class OutboundInternetDNSLookupTraffic ArtifactNode; click DNSTrafficAnalysis href "/technique/d3f:DNSTrafficAnalysis"; click OutboundInternetDNSLookupTraffic href "/dao/artifact/d3f:OutboundInternetDNSLookupTraffic";DNSAllowlisting["DNS Allowlisting"] --> | blocks | OutboundInternetDNSLookupTraffic["Outbound Internet DNS Lookup Traffic"]; class DNSAllowlisting DefensiveTechniqueNode; class OutboundInternetDNSLookupTraffic ArtifactNode; click DNSAllowlisting href "/technique/d3f:DNSAllowlisting"; click OutboundInternetDNSLookupTraffic href "/dao/artifact/d3f:OutboundInternetDNSLookupTraffic";ForwardResolutionDomainDenylisting["Forward Resolution Domain Denylisting"] --> | blocks | OutboundInternetDNSLookupTraffic["Outbound Internet DNS Lookup Traffic"]; class ForwardResolutionDomainDenylisting DefensiveTechniqueNode; class OutboundInternetDNSLookupTraffic ArtifactNode; click ForwardResolutionDomainDenylisting href "/technique/d3f:ForwardResolutionDomainDenylisting"; click OutboundInternetDNSLookupTraffic href "/dao/artifact/d3f:OutboundInternetDNSLookupTraffic";ReverseResolutionIPDenylisting["Reverse Resolution IP Denylisting"] --> | blocks | OutboundInternetDNSLookupTraffic["Outbound Internet DNS Lookup Traffic"]; class ReverseResolutionIPDenylisting DefensiveTechniqueNode; class OutboundInternetDNSLookupTraffic ArtifactNode; click ReverseResolutionIPDenylisting href "/technique/d3f:ReverseResolutionIPDenylisting"; click OutboundInternetDNSLookupTraffic href "/dao/artifact/d3f:OutboundInternetDNSLookupTraffic";RelayPatternAnalysis["Relay Pattern Analysis"] --> | analyzes | OutboundInternetNetworkTraffic["Outbound Internet Network Traffic"]; class RelayPatternAnalysis DefensiveTechniqueNode; class OutboundInternetNetworkTraffic ArtifactNode; click RelayPatternAnalysis href "/technique/d3f:RelayPatternAnalysis"; click OutboundInternetNetworkTraffic href "/dao/artifact/d3f:OutboundInternetNetworkTraffic";OutboundTrafficFiltering["Outbound Traffic Filtering"] --> | filters | OutboundNetworkTraffic["Outbound Network Traffic"]; class OutboundTrafficFiltering DefensiveTechniqueNode; class OutboundNetworkTraffic ArtifactNode; click OutboundTrafficFiltering href "/technique/d3f:OutboundTrafficFiltering"; click OutboundNetworkTraffic href "/dao/artifact/d3f:OutboundNetworkTraffic";

Related Offensive Techniques

graph LR; T1568["Dynamic Resolution"] --> |produces| OutboundInternetDNSLookupTraffic["Outbound Internet DNS Lookup Traffic"]; class T1568 OffensiveTechniqueNode; class OutboundInternetDNSLookupTraffic ArtifactNode; click T1568 href "/offensive-technique/attack/T1568/"; click OutboundInternetDNSLookupTraffic href "/dao/artifact/d3f:OutboundInternetDNSLookupTraffic";T1071004["DNS"] --> |produces| OutboundInternetDNSLookupTraffic["Outbound Internet DNS Lookup Traffic"]; class T1071004 OffensiveTechniqueNode; class OutboundInternetDNSLookupTraffic ArtifactNode; click T1071004 href "/offensive-technique/attack/T1071.004/"; click OutboundInternetDNSLookupTraffic href "/dao/artifact/d3f:OutboundInternetDNSLookupTraffic";T1567001["Exfiltration to Code Repository"] --> |may-produce| OutboundInternetEncryptedRemoteTerminalTraffic["Outbound Internet Encrypted Remote Terminal Traffic"]; class T1567001 OffensiveTechniqueNode; class OutboundInternetEncryptedRemoteTerminalTraffic ArtifactNode; click T1567001 href "/offensive-technique/attack/T1567.001/"; click OutboundInternetEncryptedRemoteTerminalTraffic href "/dao/artifact/d3f:OutboundInternetEncryptedRemoteTerminalTraffic";T1573["Encrypted Channel"] --> |produces| OutboundInternetEncryptedTraffic["Outbound Internet Encrypted Traffic"]; class T1573 OffensiveTechniqueNode; class OutboundInternetEncryptedTraffic ArtifactNode; click T1573 href "/offensive-technique/attack/T1573/"; click OutboundInternetEncryptedTraffic href "/dao/artifact/d3f:OutboundInternetEncryptedTraffic";T1573001["Symmetric Cryptography"] --> |creates| OutboundInternetEncryptedTraffic["Outbound Internet Encrypted Traffic"]; class T1573001 OffensiveTechniqueNode; class OutboundInternetEncryptedTraffic ArtifactNode; click T1573001 href "/offensive-technique/attack/T1573.001/"; click OutboundInternetEncryptedTraffic href "/dao/artifact/d3f:OutboundInternetEncryptedTraffic";T1573002["Asymmetric Cryptography"] --> |creates| OutboundInternetEncryptedTraffic["Outbound Internet Encrypted Traffic"]; class T1573002 OffensiveTechniqueNode; class OutboundInternetEncryptedTraffic ArtifactNode; click T1573002 href "/offensive-technique/attack/T1573.002/"; click OutboundInternetEncryptedTraffic href "/dao/artifact/d3f:OutboundInternetEncryptedTraffic";T1048001["Exfiltration Over Symmetric Encrypted Non-C2 Protocol"] --> |produces| OutboundInternetEncryptedTraffic["Outbound Internet Encrypted Traffic"]; class T1048001 OffensiveTechniqueNode; class OutboundInternetEncryptedTraffic ArtifactNode; click T1048001 href "/offensive-technique/attack/T1048.001/"; click OutboundInternetEncryptedTraffic href "/dao/artifact/d3f:OutboundInternetEncryptedTraffic";T1048002["Exfiltration Over Asymmetric Encrypted Non-C2 Protocol"] --> |produces| OutboundInternetEncryptedTraffic["Outbound Internet Encrypted Traffic"]; class T1048002 OffensiveTechniqueNode; class OutboundInternetEncryptedTraffic ArtifactNode; click T1048002 href "/offensive-technique/attack/T1048.002/"; click OutboundInternetEncryptedTraffic href "/dao/artifact/d3f:OutboundInternetEncryptedTraffic";T1090004["Domain Fronting"] --> |produces| OutboundInternetEncryptedWebTraffic["Outbound Internet Encrypted Web Traffic"]; class T1090004 OffensiveTechniqueNode; class OutboundInternetEncryptedWebTraffic ArtifactNode; click T1090004 href "/offensive-technique/attack/T1090.004/"; click OutboundInternetEncryptedWebTraffic href "/dao/artifact/d3f:OutboundInternetEncryptedWebTraffic";T1567001["Exfiltration to Code Repository"] --> |may-produce| OutboundInternetEncryptedWebTraffic["Outbound Internet Encrypted Web Traffic"]; class T1567001 OffensiveTechniqueNode; class OutboundInternetEncryptedWebTraffic ArtifactNode; click T1567001 href "/offensive-technique/attack/T1567.001/"; click OutboundInternetEncryptedWebTraffic href "/dao/artifact/d3f:OutboundInternetEncryptedWebTraffic";T1567002["Exfiltration to Cloud Storage"] --> |produces| OutboundInternetEncryptedWebTraffic["Outbound Internet Encrypted Web Traffic"]; class T1567002 OffensiveTechniqueNode; class OutboundInternetEncryptedWebTraffic ArtifactNode; click T1567002 href "/offensive-technique/attack/T1567.002/"; click OutboundInternetEncryptedWebTraffic href "/dao/artifact/d3f:OutboundInternetEncryptedWebTraffic";T1071002["File Transfer Protocols"] --> |produces| OutboundInternetFileTransferTraffic["Outbound Internet File Transfer Traffic"]; class T1071002 OffensiveTechniqueNode; class OutboundInternetFileTransferTraffic ArtifactNode; click T1071002 href "/offensive-technique/attack/T1071.002/"; click OutboundInternetFileTransferTraffic href "/dao/artifact/d3f:OutboundInternetFileTransferTraffic";T1071003["Mail Protocols"] --> |produces| OutboundInternetMailTraffic["Outbound Internet Mail Traffic"]; class T1071003 OffensiveTechniqueNode; class OutboundInternetMailTraffic ArtifactNode; click T1071003 href "/offensive-technique/attack/T1071.003/"; click OutboundInternetMailTraffic href "/dao/artifact/d3f:OutboundInternetMailTraffic";T1001["Data Obfuscation"] --> |produces| OutboundInternetNetworkTraffic["Outbound Internet Network Traffic"]; class T1001 OffensiveTechniqueNode; class OutboundInternetNetworkTraffic ArtifactNode; click T1001 href "/offensive-technique/attack/T1001/"; click OutboundInternetNetworkTraffic href "/dao/artifact/d3f:OutboundInternetNetworkTraffic";T1008["Fallback Channels"] --> |produces| OutboundInternetNetworkTraffic["Outbound Internet Network Traffic"]; class T1008 OffensiveTechniqueNode; class OutboundInternetNetworkTraffic ArtifactNode; click T1008 href "/offensive-technique/attack/T1008/"; click OutboundInternetNetworkTraffic href "/dao/artifact/d3f:OutboundInternetNetworkTraffic";T1071["Application Layer Protocol"] --> |produces| OutboundInternetNetworkTraffic["Outbound Internet Network Traffic"]; class T1071 OffensiveTechniqueNode; class OutboundInternetNetworkTraffic ArtifactNode; click T1071 href "/offensive-technique/attack/T1071/"; click OutboundInternetNetworkTraffic href "/dao/artifact/d3f:OutboundInternetNetworkTraffic";T1095["Non-Application Layer Protocol"] --> |produces| OutboundInternetNetworkTraffic["Outbound Internet Network Traffic"]; class T1095 OffensiveTechniqueNode; class OutboundInternetNetworkTraffic ArtifactNode; click T1095 href "/offensive-technique/attack/T1095/"; click OutboundInternetNetworkTraffic href "/dao/artifact/d3f:OutboundInternetNetworkTraffic";T1104["Multi-Stage Channels"] --> |produces| OutboundInternetNetworkTraffic["Outbound Internet Network Traffic"]; class T1104 OffensiveTechniqueNode; class OutboundInternetNetworkTraffic ArtifactNode; click T1104 href "/offensive-technique/attack/T1104/"; click OutboundInternetNetworkTraffic href "/dao/artifact/d3f:OutboundInternetNetworkTraffic";T1105["Ingress Tool Transfer"] --> |produces| OutboundInternetNetworkTraffic["Outbound Internet Network Traffic"]; class T1105 OffensiveTechniqueNode; class OutboundInternetNetworkTraffic ArtifactNode; click T1105 href "/offensive-technique/attack/T1105/"; click OutboundInternetNetworkTraffic href "/dao/artifact/d3f:OutboundInternetNetworkTraffic";T1132["Data Encoding"] --> |produces| OutboundInternetNetworkTraffic["Outbound Internet Network Traffic"]; class T1132 OffensiveTechniqueNode; class OutboundInternetNetworkTraffic ArtifactNode; click T1132 href "/offensive-technique/attack/T1132/"; click OutboundInternetNetworkTraffic href "/dao/artifact/d3f:OutboundInternetNetworkTraffic";T1219["Remote Access Software"] --> |produces| OutboundInternetNetworkTraffic["Outbound Internet Network Traffic"]; class T1219 OffensiveTechniqueNode; class OutboundInternetNetworkTraffic ArtifactNode; click T1219 href "/offensive-technique/attack/T1219/"; click OutboundInternetNetworkTraffic href "/dao/artifact/d3f:OutboundInternetNetworkTraffic";T1571["Non-Standard Port"] --> |produces| OutboundInternetNetworkTraffic["Outbound Internet Network Traffic"]; class T1571 OffensiveTechniqueNode; class OutboundInternetNetworkTraffic ArtifactNode; click T1571 href "/offensive-technique/attack/T1571/"; click OutboundInternetNetworkTraffic href "/dao/artifact/d3f:OutboundInternetNetworkTraffic";T1572["Protocol Tunneling"] --> |produces| OutboundInternetNetworkTraffic["Outbound Internet Network Traffic"]; class T1572 OffensiveTechniqueNode; class OutboundInternetNetworkTraffic ArtifactNode; click T1572 href "/offensive-technique/attack/T1572/"; click OutboundInternetNetworkTraffic href "/dao/artifact/d3f:OutboundInternetNetworkTraffic";T1090002["External Proxy"] --> |produces| OutboundInternetNetworkTraffic["Outbound Internet Network Traffic"]; class T1090002 OffensiveTechniqueNode; class OutboundInternetNetworkTraffic ArtifactNode; click T1090002 href "/offensive-technique/attack/T1090.002/"; click OutboundInternetNetworkTraffic href "/dao/artifact/d3f:OutboundInternetNetworkTraffic";T1090003["Multi-hop Proxy"] --> |produces| OutboundInternetNetworkTraffic["Outbound Internet Network Traffic"]; class T1090003 OffensiveTechniqueNode; class OutboundInternetNetworkTraffic ArtifactNode; click T1090003 href "/offensive-technique/attack/T1090.003/"; click OutboundInternetNetworkTraffic href "/dao/artifact/d3f:OutboundInternetNetworkTraffic";T1048003["Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol"] --> |produces| OutboundInternetNetworkTraffic["Outbound Internet Network Traffic"]; class T1048003 OffensiveTechniqueNode; class OutboundInternetNetworkTraffic ArtifactNode; click T1048003 href "/offensive-technique/attack/T1048.003/"; click OutboundInternetNetworkTraffic href "/dao/artifact/d3f:OutboundInternetNetworkTraffic";T1189["Drive-by Compromise"] --> |produces| OutboundInternetNetworkTraffic["Outbound Internet Network Traffic"]; class T1189 OffensiveTechniqueNode; class OutboundInternetNetworkTraffic ArtifactNode; click T1189 href "/offensive-technique/attack/T1189/"; click OutboundInternetNetworkTraffic href "/dao/artifact/d3f:OutboundInternetNetworkTraffic";T1102["Web Service"] --> |produces| OutboundInternetWebTraffic["Outbound Internet Web Traffic"]; class T1102 OffensiveTechniqueNode; class OutboundInternetWebTraffic ArtifactNode; click T1102 href "/offensive-technique/attack/T1102/"; click OutboundInternetWebTraffic href "/dao/artifact/d3f:OutboundInternetWebTraffic";T1071001["Web Protocols"] --> |produces| OutboundInternetWebTraffic["Outbound Internet Web Traffic"]; class T1071001 OffensiveTechniqueNode; class OutboundInternetWebTraffic ArtifactNode; click T1071001 href "/offensive-technique/attack/T1071.001/"; click OutboundInternetWebTraffic href "/dao/artifact/d3f:OutboundInternetWebTraffic";T1197["BITS Jobs"] --> |may-produce| OutboundInternetWebTraffic["Outbound Internet Web Traffic"]; class T1197 OffensiveTechniqueNode; class OutboundInternetWebTraffic ArtifactNode; click T1197 href "/offensive-technique/attack/T1197/"; click OutboundInternetWebTraffic href "/dao/artifact/d3f:OutboundInternetWebTraffic";T1204001["Malicious Link Execution"] --> |produces| OutboundInternetWebTraffic["Outbound Internet Web Traffic"]; class T1204001 OffensiveTechniqueNode; class OutboundInternetWebTraffic ArtifactNode; click T1204001 href "/offensive-technique/attack/T1204.001/"; click OutboundInternetWebTraffic href "/dao/artifact/d3f:OutboundInternetWebTraffic";T1567["Exfiltration Over Web Service"] --> |produces| OutboundInternetWebTraffic["Outbound Internet Web Traffic"]; class T1567 OffensiveTechniqueNode; class OutboundInternetWebTraffic ArtifactNode; click T1567 href "/offensive-technique/attack/T1567/"; click OutboundInternetWebTraffic href "/dao/artifact/d3f:OutboundInternetWebTraffic";