- Identify the location used by a malicious actor to stage data. Be specific.
- Describe the type of data that was staged.
- Apply the information learned to evaluate why that location was used.
- Apply the information learned to evaluate why the data were staged rather than immediately exfiltrated.
- Provide the URL(s) to the resource(s) used.