T1602 Data from Configuration Repository Mappings

Adversaries may collect data related to managed devices from configuration repositories. Configuration repositories are used by management systems in order to configure, manage, and control data on remote systems. Configuration repositories may also facilitate remote access and administration of devices.

Adversaries may target these repositories in order to collect large quantities of sensitive system administration data. Data from configuration repositories may be exposed by various protocols and software and can store a wide variety of data, much of which may align with adversary Discovery objectives.(Citation: US-CERT-TA18-106A)(Citation: US-CERT TA17-156A SNMP Abuse 2017)

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- |
| AC-16 | Security and Privacy Attributes | Protects | T1602 | Data from Configuration Repository |
| AC-17 | Remote Access | Protects | T1602 | Data from Configuration Repository |
| AC-18 | Wireless Access | Protects | T1602 | Data from Configuration Repository |
| AC-19 | Access Control for Mobile Devices | Protects | T1602 | Data from Configuration Repository |
| AC-20 | Use of External Systems | Protects | T1602 | Data from Configuration Repository |
| AC-3 | Access Enforcement | Protects | T1602 | Data from Configuration Repository |
| AC-4 | Information Flow Enforcement | Protects | T1602 | Data from Configuration Repository |
| CA-7 | Continuous Monitoring | Protects | T1602 | Data from Configuration Repository |
| CM-2 | Baseline Configuration | Protects | T1602 | Data from Configuration Repository |
| CM-6 | Configuration Settings | Protects | T1602 | Data from Configuration Repository |
| CM-7 | Least Functionality | Protects | T1602 | Data from Configuration Repository |
| CM-8 | System Component Inventory | Protects | T1602 | Data from Configuration Repository |
| IA-3 | Device Identification and Authentication | Protects | T1602 | Data from Configuration Repository |
| IA-4 | Identifier Management | Protects | T1602 | Data from Configuration Repository |
| SC-28 | Protection of Information at Rest | Protects | T1602 | Data from Configuration Repository |
| SC-3 | Security Function Isolation | Protects | T1602 | Data from Configuration Repository |
| SC-4 | Information in Shared System Resources | Protects | T1602 | Data from Configuration Repository |
| SC-7 | Boundary Protection | Protects | T1602 | Data from Configuration Repository |
| SC-8 | Transmission Confidentiality and Integrity | Protects | T1602 | Data from Configuration Repository |
| SI-10 | Information Input Validation | Protects | T1602 | Data from Configuration Repository |
| SI-12 | Information Management and Retention | Protects | T1602 | Data from Configuration Repository |
| SI-15 | Information Output Filtering | Protects | T1602 | Data from Configuration Repository |
| SI-3 | Malicious Code Protection | Protects | T1602 | Data from Configuration Repository |
| SI-4 | System Monitoring | Protects | T1602 | Data from Configuration Repository |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1602 | Data from Configuration Repository |
| network_security_groups | Network Security Groups | technique_scores | T1602 | Data from Configuration Repository |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | technique_scores | T1602 | Data from Configuration Repository |

ATT&CK Subtechniques

| Technique ID | Technique Name | Number of Mappings |
| --- | --- | --- |
| T1602.002 | Network Device Configuration Dump | 27 |
| T1602.001 | SNMP (MIB Dump) | 27 |