Home
ATT&CK Techniques
T1213 Data from Information Repositories

T1213 Data from Information Repositories Mappings

Adversaries may leverage information repositories to mine valuable information. Information repositories are tools that allow for storage of information, typically to facilitate collaboration or information sharing between users, and can store a wide variety of data that may aid adversaries in further objectives, or direct access to the target information.

The following is a brief list of example information that may hold potential value to an adversary and may also be found on an information repository:

Policies, procedures, and standards
Physical / logical network diagrams
System architecture diagrams
Technical system documentation
Testing / development credentials
Work / project schedules
Source code snippets
Links to network shares and other internal resources

Information stored in a repository may vary based on the specific instance or environment. Specific common information repositories include Sharepoint, Confluence, and enterprise databases such as SQL Server.

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
AC-16	Security and Privacy Attributes	Protects	T1213	Data from Information Repositories
AC-17	Remote Access	Protects	T1213	Data from Information Repositories
AC-2	Account Management	Protects	T1213	Data from Information Repositories
AC-21	Information Sharing	Protects	T1213	Data from Information Repositories
AC-23	Data Mining Protection	Protects	T1213	Data from Information Repositories
AC-3	Access Enforcement	Protects	T1213	Data from Information Repositories
AC-4	Information Flow Enforcement	Protects	T1213	Data from Information Repositories
AC-5	Separation of Duties	Protects	T1213	Data from Information Repositories
AC-6	Least Privilege	Protects	T1213	Data from Information Repositories
CA-7	Continuous Monitoring	Protects	T1213	Data from Information Repositories
CA-8	Penetration Testing	Protects	T1213	Data from Information Repositories
CM-2	Baseline Configuration	Protects	T1213	Data from Information Repositories
CM-3	Configuration Change Control	Protects	T1213	Data from Information Repositories
CM-5	Access Restrictions for Change	Protects	T1213	Data from Information Repositories
CM-6	Configuration Settings	Protects	T1213	Data from Information Repositories
CM-7	Least Functionality	Protects	T1213	Data from Information Repositories
CM-8	System Component Inventory	Protects	T1213	Data from Information Repositories
IA-2	Identification and Authentication (organizational Users)	Protects	T1213	Data from Information Repositories
IA-4	Identifier Management	Protects	T1213	Data from Information Repositories
IA-8	Identification and Authentication (non-organizational Users)	Protects	T1213	Data from Information Repositories
RA-5	Vulnerability Monitoring and Scanning	Protects	T1213	Data from Information Repositories
SC-28	Protection of Information at Rest	Protects	T1213	Data from Information Repositories
SI-4	System Monitoring	Protects	T1213	Data from Information Repositories
SI-7	Software, Firmware, and Information Integrity	Protects	T1213	Data from Information Repositories
CVE-2018-18995	ABB GATE-E1 and GATE-E2	secondary_impact	T1213	Data from Information Repositories
CVE-2012-3015	n/a	uncategorized	T1213	Data from Information Repositories
action.hacking.variety.XML external entities	XML external entities. Child of 'Exploit vuln'.	related-to	T1213	Data from Information Repository
action.malware.variety.Capture stored data	Capture data stored on system disk	related-to	T1213	Data from Information Repository

ATT&CK Subtechniques

Technique ID	Technique Name	Number of Mappings
T1213.001	Confluence	25
T1213.002	Sharepoint	25