Home
ATT&CK Techniques
T1602 Data from Configuration Repository

T1602 Data from Configuration Repository Mappings

Adversaries may collect data related to managed devices from configuration repositories. Configuration repositories are used by management systems in order to configure, manage, and control data on remote systems. Configuration repositories may also facilitate remote access and administration of devices.

Adversaries may target these repositories in order to collect large quantities of sensitive system administration data. Data from configuration repositories may be exposed by various protocols and software and can store a wide variety of data, much of which may align with adversary Discovery objectives.(Citation: US-CERT-TA18-106A)(Citation: US-CERT TA17-156A SNMP Abuse 2017)

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
AC-16	Security and Privacy Attributes	Protects	T1602	Data from Configuration Repository
AC-17	Remote Access	Protects	T1602	Data from Configuration Repository
AC-18	Wireless Access	Protects	T1602	Data from Configuration Repository
AC-19	Access Control for Mobile Devices	Protects	T1602	Data from Configuration Repository
AC-20	Use of External Systems	Protects	T1602	Data from Configuration Repository
AC-03	Access Enforcement	Protects	T1602	Data from Configuration Repository
AC-04	Information Flow Enforcement	Protects	T1602	Data from Configuration Repository
CA-07	Continuous Monitoring	Protects	T1602	Data from Configuration Repository
CM-02	Baseline Configuration	Protects	T1602	Data from Configuration Repository
CM-06	Configuration Settings	Protects	T1602	Data from Configuration Repository
CM-07	Least Functionality	Protects	T1602	Data from Configuration Repository
CM-08	System Component Inventory	Protects	T1602	Data from Configuration Repository
IA-03	Device Identification and Authentication	Protects	T1602	Data from Configuration Repository
IA-04	Identifier Management	Protects	T1602	Data from Configuration Repository
SC-28	Protection of Information at Rest	Protects	T1602	Data from Configuration Repository
SC-03	Security Function Isolation	Protects	T1602	Data from Configuration Repository
SC-04	Information in Shared System Resources	Protects	T1602	Data from Configuration Repository
SC-07	Boundary Protection	Protects	T1602	Data from Configuration Repository
SC-08	Transmission Confidentiality and Integrity	Protects	T1602	Data from Configuration Repository
SI-10	Information Input Validation	Protects	T1602	Data from Configuration Repository
SI-12	Information Management and Retention	Protects	T1602	Data from Configuration Repository
SI-15	Information Output Filtering	Protects	T1602	Data from Configuration Repository
SI-03	Malicious Code Protection	Protects	T1602	Data from Configuration Repository
SI-04	System Monitoring	Protects	T1602	Data from Configuration Repository
SI-07	Software, Firmware, and Information Integrity	Protects	T1602	Data from Configuration Repository

ATT&CK Subtechniques

Technique ID	Technique Name	Number of Mappings
T1602.002	Network Device Configuration Dump	25
T1602.001	SNMP (MIB Dump)	25