T1565 Data Manipulation Mappings

Adversaries may insert, delete, or manipulate data in order to manipulate external outcomes or hide activity. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.

The type of modification and the impact it will have depends on the target application and process as well as the goals and objectives of the adversary. For complex systems, an adversary would likely need special expertise and possibly access to specialized software related to the system that would typically be gained through a prolonged information gathering campaign in order to have the desired impact.


Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| AC-16 | Security and Privacy Attributes | Protects | T1565 | Data Manipulation | |
| AC-17 | Remote Access | Protects | T1565 | Data Manipulation | |
| AC-18 | Wireless Access | Protects | T1565 | Data Manipulation | |
| AC-19 | Access Control for Mobile Devices | Protects | T1565 | Data Manipulation | |
| AC-20 | Use of External Systems | Protects | T1565 | Data Manipulation | |
| AC-3 | Access Enforcement | Protects | T1565 | Data Manipulation | |
| AC-4 | Information Flow Enforcement | Protects | T1565 | Data Manipulation | |
| CA-7 | Continuous Monitoring | Protects | T1565 | Data Manipulation | |
| CM-2 | Baseline Configuration | Protects | T1565 | Data Manipulation | |
| CM-6 | Configuration Settings | Protects | T1565 | Data Manipulation | |
| CM-7 | Least Functionality | Protects | T1565 | Data Manipulation | |
| CM-8 | System Component Inventory | Protects | T1565 | Data Manipulation | |
| CP-10 | System Recovery and Reconstitution | Protects | T1565 | Data Manipulation | |
| CP-6 | Alternate Storage Site | Protects | T1565 | Data Manipulation | |
| CP-7 | Alternate Processing Site | Protects | T1565 | Data Manipulation | |
| CP-9 | System Backup | Protects | T1565 | Data Manipulation | |
| SC-28 | Protection of Information at Rest | Protects | T1565 | Data Manipulation | |
| SC-36 | Distributed Processing and Storage | Protects | T1565 | Data Manipulation | |
| SC-4 | Information in Shared System Resources | Protects | T1565 | Data Manipulation | |
| SC-46 | Cross Domain Policy Enforcement | Protects | T1565 | Data Manipulation | |
| SC-7 | Boundary Protection | Protects | T1565 | Data Manipulation | |
| SI-12 | Information Management and Retention | Protects | T1565 | Data Manipulation | |
| SI-16 | Memory Protection | Protects | T1565 | Data Manipulation | |
| SI-23 | Information Fragmentation | Protects | T1565 | Data Manipulation | |
| SI-4 | System Monitoring | Protects | T1565 | Data Manipulation | |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1565 | Data Manipulation | |
| CVE-2020-15109 | solidus | secondary_impact | T1565 | Data Manipulation | |
| CVE-2020-5225 | SimpleSAMLphp | secondary_impact | T1565 | Data Manipulation | |
| CVE-2020-1111 | Windows | secondary_impact | T1565 | Data Manipulation | |
| CVE-2018-8355 | ChakraCore | secondary_impact | T1565 | Data Manipulation | |
| CVE-2020-0671 | Windows | secondary_impact | T1565 | Data Manipulation | |
| CVE-2019-1270 | Windows | primary_impact | T1565 | Data Manipulation | |
| CVE-2019-1118 | Windows | secondary_impact | T1565 | Data Manipulation | |
| CVE-2020-1456 | Microsoft SharePoint Enterprise Server | secondary_impact | T1565 | Data Manipulation | |
| CVE-2020-1109 | Windows | secondary_impact | T1565 | Data Manipulation | |
| CVE-2020-1068 | Windows | primary_impact | T1565 | Data Manipulation | |
| CVE-2020-1495 | Microsoft SharePoint Server 2010 Service Pack 2 | secondary_impact | T1565 | Data Manipulation | |
| CVE-2018-8248 | Microsoft Office | secondary_impact | T1565 | Data Manipulation | |
| CVE-2018-8111 | Microsoft Edge | secondary_impact | T1565 | Data Manipulation | |
| CVE-2018-8607 | Microsoft Dynamics 365 | secondary_impact | T1565 | Data Manipulation | |
| CVE-2020-1569 | Microsoft Edge (EdgeHTML-based) | secondary_impact | T1565 | Data Manipulation | |
| CVE-2019-1423 | Windows 10 Version 1903 for 32-bit Systems | primary_impact | T1565 | Data Manipulation | |
| CVE-2020-16874 | Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | secondary_impact | T1565 | Data Manipulation | |
| CVE-2019-0609 | Internet Explorer 11 | secondary_impact | T1565 | Data Manipulation | |
| CVE-2018-8353 | n/a | secondary_impact | T1565 | Data Manipulation | |
| CVE-2018-8110 | Microsoft Edge | secondary_impact | T1565 | Data Manipulation | |
| CVE-2018-8575 | Microsoft Project | secondary_impact | T1565 | Data Manipulation | |
| CVE-2019-1031 | Microsoft SharePoint Foundation | secondary_impact | T1565 | Data Manipulation | |
| CVE-2018-8431 | Microsoft SharePoint Server | secondary_impact | T1565 | Data Manipulation | |
| CVE-2019-15821 | n/a | uncategorized | T1565 | Data Manipulation | |
| CVE-2012-0158 | n/a | uncategorized | T1565 | Data Manipulation | |
| CVE-2020-6974 | Honeywell Notifier Web Server (NWS) | uncategorized | T1565 | Data Manipulation | |
| CVE-2020-9459 | n/a | uncategorized | T1565 | Data Manipulation | |
| CVE-2013-4335 | opOpenSocialPlugin | uncategorized | T1565 | Data Manipulation | |
| CVE-2018-8337 | Windows 10 | uncategorized | T1565 | Data Manipulation | |
| CVE-2018-18667 | n/a | uncategorized | T1565 | Data Manipulation | |
| CVE-2018-17877 | n/a | uncategorized | T1565 | Data Manipulation | |
| CVE-2018-19831 | n/a | uncategorized | T1565 | Data Manipulation | |
| CVE-2018-19830 | n/a | uncategorized | T1565 | Data Manipulation | |
| attribute.integrity.variety.Modify data | Modified stored data or content | related-to | T1565 | Data Manipulation | |
| aws_rds | AWS RDS | technique_scores | T1565 | Data Manipulation | AWS RDS supports the encryption of database instances using the AES-256 encryption algorithm. This can protect database instances from being modified at rest. Furthermore, AWS RDS supports TLS/SSL connections which protect data from being modified during transit. This mapping is given a score of Partial because it only supports a subset of the sub-techniques (2 of 3). |
| aws_rds | AWS RDS | technique_scores | T1565 | Data Manipulation | AWS RDS supports the replication and recovery of database instances. In the event that data is manipulated, AWS RDS can be used to restore the database instance to a previous point in time. As a result, this mapping is given a score of Significant. |
| amazon_guardduty | Amazon GuardDuty | technique_scores | T1565 | Data Manipulation | The following GuardDuty finding type flags events where adversaries may insert, delete, or manipulate data in order to manipulate external outcomes or hide activity: Impact:S3/MaliciousIPCaller |
| aws_cloudendure_disaster_recovery | AWS CloudEndure Disaster Recovery | technique_scores | T1565 | Data Manipulation | AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS Cloud. In the event that data on servers is manipulated, AWS CloudEndure can be used to provision an instance of the server from a previous point in time within minutes. This mapping is given a score of Minimal because it only supports a subset (1 of 3) of the sub-techniques. |
| amazon_virtual_private_cloud | Amazon Virtual Private Cloud | technique_scores | T1565 | Data Manipulation | The VPC service's support for the AWS Virtual Private Network (VPN) can be used to encrypt traffic traversing untrusted networks. This protects against one sub-technique (Transmitted Data Manipulation) of this technique but not its remaining sub-techniques, resulting in an overall score of Partial. |

ATT&CK Subtechniques

| Technique ID | Technique Name | Number of Mappings |
|---|---|---|
| T1565.003 | Runtime Data Manipulation | 14 |
| T1565.001 | Stored Data Manipulation | 46 |
| T1565.002 | Transmitted Data Manipulation | 19 |