Home
ATT&CK Techniques
T1005 Data from Local System

T1005 Data from Local System Mappings

Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.

Adversaries may do this using a Command and Scripting Interpreter, such as cmd, which has functionality to interact with the file system to gather information. Some adversaries may also use Automated Collection on the local system.

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
CVE-2019-1860	Cisco Unified Intelligence Center	secondary_impact	T1005	Data from Local System
CVE-2019-1942	Cisco Identity Services Engine Software	secondary_impact	T1005	Data from Local System
CVE-2019-15972	Cisco Unified Communications Manager	secondary_impact	T1005	Data from Local System
CVE-2020-3312	Cisco Firepower Threat Defense Software	primary_impact	T1005	Data from Local System
CVE-2020-3477	Cisco IOS	primary_impact	T1005	Data from Local System
CVE-2019-15963	Cisco Unity Connection	primary_impact	T1005	Data from Local System
CVE-2018-15466	Cisco Policy Suite (CPS) Software	secondary_impact	T1005	Data from Local System
CVE-2018-15444	Cisco Energy Management Suite	secondary_impact	T1005	Data from Local System
CVE-2020-3177	Cisco Unified Communications Manager	primary_impact	T1005	Data from Local System
CVE-2020-3240	Cisco UCS Director	primary_impact	T1005	Data from Local System
CVE-2020-5364	Isilon OneFS	secondary_impact	T1005	Data from Local System
CVE-2018-11048	Data Protection Advisor	secondary_impact	T1005	Data from Local System
CVE-2018-15771	Dell EMC RecoverPoint	secondary_impact	T1005	Data from Local System
CVE-2019-3732	RSA BSAFE Crypto-C Micro Edition	primary_impact	T1005	Data from Local System
CVE-2019-3731	RSA BSAFE Crypto-C Micro Edition	primary_impact	T1005	Data from Local System
CVE-2020-5386	Elastic Cloud Storage	primary_impact	T1005	Data from Local System
CVE-2019-3799	Spring Cloud Config	primary_impact	T1005	Data from Local System
CVE-2020-5371	Isilon OneFS	secondary_impact	T1005	Data from Local System
CVE-2018-11051	Certificate Manager Path Traversal Vulnerability	primary_impact	T1005	Data from Local System
CVE-2019-3767	ImageAssist	primary_impact	T1005	Data from Local System
CVE-2020-5331	RSA Archer	primary_impact	T1005	Data from Local System
CVE-2020-5366	Integrated Dell Remote Access Controller (iDRAC)	primary_impact	T1005	Data from Local System
CVE-2020-5373	OMIMSSC (OpenManage Integration for Microsoft System Center)	secondary_impact	T1005	Data from Local System
CVE-2018-15780	RSA Archer	secondary_impact	T1005	Data from Local System
CVE-2019-3786	BOSH Backup and Restore	primary_impact	T1005	Data from Local System
CVE-2019-16768	Sylius	primary_impact	T1005	Data from Local System
CVE-2020-5220	SyliusResourceBundle	primary_impact	T1005	Data from Local System
CVE-2020-11021	http-client	primary_impact	T1005	Data from Local System
CVE-2020-11087	FreeRDP	primary_impact	T1005	Data from Local System
CVE-2020-5270	PrestaShop	secondary_impact	T1005	Data from Local System
CVE-2020-11019	FreeRDP	primary_impact	T1005	Data from Local System
CVE-2020-15137	HoRNDIS	primary_impact	T1005	Data from Local System
CVE-2020-11010	tortoise-orm	secondary_impact	T1005	Data from Local System
CVE-2020-11039	FreeRDP	primary_impact	T1005	Data from Local System
CVE-2020-11059	AEgir	primary_impact	T1005	Data from Local System
CVE-2020-5284	next.js	primary_impact	T1005	Data from Local System
CVE-2020-11045	FreeRDP	primary_impact	T1005	Data from Local System
CVE-2018-17934	NUUO CMS	secondary_impact	T1005	Data from Local System
CVE-2019-6522	Moxa IKS, EDS	primary_impact	T1005	Data from Local System
CVE-2019-6538	Medtronic Conexus Radio Frequency Telemetry Protocol	primary_impact	T1005	Data from Local System
CVE-2018-7526	n/a	primary_impact	T1005	Data from Local System
CVE-2018-5445	Advantech WebAccess/SCADA	primary_impact	T1005	Data from Local System
CVE-2019-13511	Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier	primary_impact	T1005	Data from Local System
CVE-2018-18990	LCDS Laquis SCADA	primary_impact	T1005	Data from Local System
CVE-2018-10610	LeviStudioU	primary_impact	T1005	Data from Local System
CVE-2018-14809	V-Server	primary_impact	T1005	Data from Local System
CVE-2018-5459	WAGO PFC200 Series	secondary_impact	T1005	Data from Local System
CVE-2019-18234	Equinox Control Expert	secondary_impact	T1005	Data from Local System
CVE-2020-6993	Moxa PT-7528 series firmware, Version 4.0 or lower, PT-7828 series firmware, Version 3.9 or lower	primary_impact	T1005	Data from Local System
CVE-2020-16211	Advantech WebAccess HMI Designer	primary_impact	T1005	Data from Local System
CVE-2020-1111	Windows	secondary_impact	T1005	Data from Local System
CVE-2018-8355	ChakraCore	secondary_impact	T1005	Data from Local System
CVE-2020-0671	Windows	secondary_impact	T1005	Data from Local System
CVE-2019-1118	Windows	secondary_impact	T1005	Data from Local System
CVE-2020-1456	Microsoft SharePoint Enterprise Server	secondary_impact	T1005	Data from Local System
CVE-2020-1109	Windows	secondary_impact	T1005	Data from Local System
CVE-2020-1495	Microsoft SharePoint Server 2010 Service Pack 2	secondary_impact	T1005	Data from Local System
CVE-2018-8248	Microsoft Office	secondary_impact	T1005	Data from Local System
CVE-2020-1141	Windows	primary_impact	T1005	Data from Local System
CVE-2018-8111	Microsoft Edge	secondary_impact	T1005	Data from Local System
CVE-2018-8607	Microsoft Dynamics 365	secondary_impact	T1005	Data from Local System
CVE-2020-1569	Microsoft Edge (EdgeHTML-based)	secondary_impact	T1005	Data from Local System
CVE-2020-16874	Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)	secondary_impact	T1005	Data from Local System
CVE-2019-1013	Windows	primary_impact	T1005	Data from Local System
CVE-2019-0609	Internet Explorer 11	secondary_impact	T1005	Data from Local System
CVE-2018-8353	n/a	secondary_impact	T1005	Data from Local System
CVE-2018-8110	Microsoft Edge	secondary_impact	T1005	Data from Local System
CVE-2018-8575	Microsoft Project	secondary_impact	T1005	Data from Local System
CVE-2019-1031	Microsoft SharePoint Foundation	secondary_impact	T1005	Data from Local System
CVE-2020-0955	Windows	primary_impact	T1005	Data from Local System
CVE-2018-8160	Word	primary_impact	T1005	Data from Local System
CVE-2020-11652	n/a	uncategorized	T1005	Data from Local System
CVE-2017-16651	n/a	uncategorized	T1005	Data from Local System
CVE-2015-0984	n/a	uncategorized	T1005	Data from Local System
CVE-2019-9670	n/a	uncategorized	T1005	Data from Local System
CVE-2020-5539	GRANDIT	uncategorized	T1005	Data from Local System
CVE-2015-7935	n/a	uncategorized	T1005	Data from Local System
CVE-2019-5910	HOUSE GATE App for iOS	uncategorized	T1005	Data from Local System
CVE-2020-6974	Honeywell Notifier Web Server (NWS)	uncategorized	T1005	Data from Local System
CVE-2013-4335	opOpenSocialPlugin	uncategorized	T1005	Data from Local System
CVE-2014-0751	n/a	uncategorized	T1005	Data from Local System
action.malware.variety.Capture stored data	Capture data stored on system disk	related-to	T1005	Data from Local System