Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Adversaries may do this using a Command and Scripting Interpreter, such as cmd, which has functionality to interact with the file system to gather information. Some adversaries may also use Automated Collection on the local system.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| azure_defender_for_app_service | Azure Defender for App Service | technique_scores | T1005 | Data from Local System |
| docker_host_hardening | Docker Host Hardening | technique_scores | T1005 | Data from Local System |