The adversary is trying to gather data of interest to their goal. Collection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary's objectives. Frequently, the next goal after collecting data is to steal (exfiltrate) the data. Common target sources include various drive types, browsers, audio, video, and email. Common collection methods include capturing screenshots and keyboard input.
View in MITRE ATT&CK®| Technique ID | Technique Name | Number of Mappings | Number of Subtechniques |
|---|---|---|---|
| T1557 | Adversary-in-the-Middle | 24 | 2 |
| T1560 | Archive Collected Data | 5 | 1 |
| T1119 | Automated Collection | 17 | 0 |
| T1185 | Browser Session Hijacking | 14 | 0 |
| T1530 | Data from Cloud Storage Object | 33 | 0 |
| T1602 | Data from Configuration Repository | 25 | 2 |
| T1213 | Data from Information Repositories | 24 | 3 |
| T1005 | Data from Local System | 13 | 0 |
| T1025 | Data from Removable Media | 15 | 0 |
| T1114 | Email Collection | 14 | 3 |