T1213 Data from Information Repositories Mappings

Adversaries may leverage information repositories to mine valuable information. Information repositories are tools that allow for storage of information, typically to facilitate collaboration or information sharing between users, and can store a wide variety of data that may aid adversaries in further objectives, or direct access to the target information. Adversaries may also abuse external sharing features to share sensitive documents with recipients outside of the organization.

The following is a brief list of example information that may hold potential value to an adversary and may also be found on an information repository:

  • Policies, procedures, and standards
  • Physical / logical network diagrams
  • System architecture diagrams
  • Technical system documentation
  • Testing / development credentials
  • Work / project schedules
  • Source code snippets
  • Links to network shares and other internal resources

Information stored in a repository may vary based on the specific instance or environment. Specific common information repositories include web-based platforms such as Sharepoint and Confluence, specific services such as Code Repositories, IaaS databases, enterprise databases, and other storage infrastructure such as SQL Server.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-16 Security and Privacy Attributes Protects T1213 Data from Information Repositories
AC-17 Remote Access Protects T1213 Data from Information Repositories
AC-2 Account Management Protects T1213 Data from Information Repositories
AC-21 Information Sharing Protects T1213 Data from Information Repositories
AC-23 Data Mining Protection Protects T1213 Data from Information Repositories
AC-3 Access Enforcement Protects T1213 Data from Information Repositories
AC-4 Information Flow Enforcement Protects T1213 Data from Information Repositories
AC-5 Separation of Duties Protects T1213 Data from Information Repositories
AC-6 Least Privilege Protects T1213 Data from Information Repositories
CA-7 Continuous Monitoring Protects T1213 Data from Information Repositories
CA-8 Penetration Testing Protects T1213 Data from Information Repositories
CM-2 Baseline Configuration Protects T1213 Data from Information Repositories
CM-3 Configuration Change Control Protects T1213 Data from Information Repositories
CM-5 Access Restrictions for Change Protects T1213 Data from Information Repositories
CM-6 Configuration Settings Protects T1213 Data from Information Repositories
CM-7 Least Functionality Protects T1213 Data from Information Repositories
CM-8 System Component Inventory Protects T1213 Data from Information Repositories
IA-2 Identification and Authentication (organizational Users) Protects T1213 Data from Information Repositories
IA-4 Identifier Management Protects T1213 Data from Information Repositories
IA-8 Identification and Authentication (non-organizational Users) Protects T1213 Data from Information Repositories
RA-5 Vulnerability Monitoring and Scanning Protects T1213 Data from Information Repositories
SC-28 Protection of Information at Rest Protects T1213 Data from Information Repositories
SI-4 System Monitoring Protects T1213 Data from Information Repositories
SI-7 Software, Firmware, and Information Integrity Protects T1213 Data from Information Repositories

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1213.003 Code Repositories 14
T1213.001 Confluence 24
T1213.002 Sharepoint 24