Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Adversaries may do this using a Command and Scripting Interpreter, such as cmd, which has functionality to interact with the file system to gather information. Some adversaries may also use Automated Collection on the local system.

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
AC-16 | Security and Privacy Attributes | Protects | T1005 | Data from Local System |
AC-2 | Account Management | Protects | T1005 | Data from Local System |
AC-23 | Data Mining Protection | Protects | T1005 | Data from Local System |
AC-3 | Access Enforcement | Protects | T1005 | Data from Local System |
AC-6 | Least Privilege | Protects | T1005 | Data from Local System |
CM-12 | Information Location | Protects | T1005 | Data from Local System |
CP-9 | System Backup | Protects | T1005 | Data from Local System |
SA-8 | Security and Privacy Engineering Principles | Protects | T1005 | Data from Local System |
SC-13 | Cryptographic Protection | Protects | T1005 | Data from Local System |
SC-28 | Protection of Information at Rest | Protects | T1005 | Data from Local System |
SC-38 | Operations Security | Protects | T1005 | Data from Local System |
SI-3 | Malicious Code Protection | Protects | T1005 | Data from Local System |
SI-4 | System Monitoring | Protects | T1005 | Data from Local System |