T1119 Automated Collection Mappings

Once established within a system or network, an adversary may use automated techniques for collecting internal data. Methods for performing this technique could include use of a Command and Scripting Interpreter to search for and copy information fitting set criteria such as file type, location, or name at specific time intervals. In cloud-based environments, adversaries may also use cloud APIs, command line interfaces, or extract, transform, and load (ETL) services to automatically collect data. This functionality could also be built into remote access tools.

This technique may incorporate use of other techniques such as File and Directory Discovery and Lateral Tool Transfer to identify and move files, as well as Cloud Service Dashboard and Cloud Storage Object Discovery to identify resources in cloud environments.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-16 Security and Privacy Attributes Protects T1119 Automated Collection
AC-17 Remote Access Protects T1119 Automated Collection
AC-18 Wireless Access Protects T1119 Automated Collection
AC-19 Access Control for Mobile Devices Protects T1119 Automated Collection
AC-20 Use of External Systems Protects T1119 Automated Collection
CM-02 Baseline Configuration Protects T1119 Automated Collection
CM-06 Configuration Settings Protects T1119 Automated Collection
CM-08 System Component Inventory Protects T1119 Automated Collection
CP-06 Alternate Storage Site Protects T1119 Automated Collection
CP-07 Alternate Processing Site Protects T1119 Automated Collection
CP-09 System Backup Protects T1119 Automated Collection
SC-36 Distributed Processing and Storage Protects T1119 Automated Collection
SC-04 Information in Shared System Resources Protects T1119 Automated Collection
SI-12 Information Management and Retention Protects T1119 Automated Collection
SI-23 Information Fragmentation Protects T1119 Automated Collection
SI-04 System Monitoring Protects T1119 Automated Collection
SI-07 Software, Firmware, and Information Integrity Protects T1119 Automated Collection
PUR-IP-E5 Information Protection Technique Scores T1119 Automated Collection