Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Adversaries may do this using a Command and Scripting Interpreter, such as cmd, or a Network Device CLI, both of which have functionality to interact with the file system to gather information. (Citation: show_run_config_cmd_cisco) Adversaries may also use Automated Collection on the local system.

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
AC-03 | Access Enforcement | Protects | T1005 | Data from Local System |
AC-06 | Least Privilege | Protects | T1005 | Data from Local System |
CM-12 | Information Location | Protects | T1005 | Data from Local System |
CP-09 | System Backup | Protects | T1005 | Data from Local System |
SA-08 | Security and Privacy Engineering Principles | Protects | T1005 | Data from Local System |
SC-13 | Cryptographic Protection | Protects | T1005 | Data from Local System |
SC-28 | Protection of Information at Rest | Protects | T1005 | Data from Local System |
SC-38 | Operations Security | Protects | T1005 | Data from Local System |
SI-03 | Malicious Code Protection | Protects | T1005 | Data from Local System |
SI-04 | System Monitoring | Protects | T1005 | Data from Local System |
AC-16 | Security and Privacy Attributes | Protects | T1005 | Data from Local System |
AC-02 | Account Management | Protects | T1005 | Data from Local System |
AC-23 | Data Mining Protection | Protects | T1005 | Data from Local System |