T1565.001 Stored Data Manipulation Mappings

Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.(Citation: FireEye APT38 Oct 2018)(Citation: DOJ Lazarus Sony 2018) By manipulating stored data, adversaries may attempt to affect a business process, organizational understanding, and decision making.

Stored data could include a variety of file formats, such as Office files, databases, stored emails, and custom file formats. The type of modification and the impact it will have depends on the type of data as well as the goals and objectives of the adversary. For complex systems, an adversary would likely need special expertise and possibly access to specialized software related to the system that would typically be gained through a prolonged information gathering campaign in order to have the desired impact.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-16 | Security and Privacy Attributes | Protects | T1565.001 | Stored Data Manipulation |
| AC-17 | Remote Access | Protects | T1565.001 | Stored Data Manipulation |
| AC-18 | Wireless Access | Protects | T1565.001 | Stored Data Manipulation |
| AC-19 | Access Control for Mobile Devices | Protects | T1565.001 | Stored Data Manipulation |
| AC-20 | Use of External Systems | Protects | T1565.001 | Stored Data Manipulation |
| AC-3 | Access Enforcement | Protects | T1565.001 | Stored Data Manipulation |
| CA-7 | Continuous Monitoring | Protects | T1565.001 | Stored Data Manipulation |
| CM-2 | Baseline Configuration | Protects | T1565.001 | Stored Data Manipulation |
| CM-6 | Configuration Settings | Protects | T1565.001 | Stored Data Manipulation |
| CM-8 | System Component Inventory | Protects | T1565.001 | Stored Data Manipulation |
| CP-10 | System Recovery and Reconstitution | Protects | T1565.001 | Stored Data Manipulation |
| CP-6 | Alternate Storage Site | Protects | T1565.001 | Stored Data Manipulation |
| CP-7 | Alternate Processing Site | Protects | T1565.001 | Stored Data Manipulation |
| CP-9 | System Backup | Protects | T1565.001 | Stored Data Manipulation |
| SC-28 | Protection of Information at Rest | Protects | T1565.001 | Stored Data Manipulation |
| SC-36 | Distributed Processing and Storage | Protects | T1565.001 | Stored Data Manipulation |
| SC-4 | Information in Shared System Resources | Protects | T1565.001 | Stored Data Manipulation |
| SC-7 | Boundary Protection | Protects | T1565.001 | Stored Data Manipulation |
| SI-12 | Information Management and Retention | Protects | T1565.001 | Stored Data Manipulation |
| SI-16 | Memory Protection | Protects | T1565.001 | Stored Data Manipulation |
| SI-23 | Information Fragmentation | Protects | T1565.001 | Stored Data Manipulation |
| SI-4 | System Monitoring | Protects | T1565.001 | Stored Data Manipulation |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1565.001 | Stored Data Manipulation |
| attribute.integrity.variety.Modify data | Modified stored data or content | related-to | T1565.001 | Data Manipulation: Stored Data Manipulation |