T1565.001 Stored Data Manipulation Mappings

Adversaries may insert, delete, or manipulate data at rest in order to manipulate external outcomes or hide activity.(Citation: FireEye APT38 Oct 2018)(Citation: DOJ Lazarus Sony 2018) By manipulating stored data, adversaries may attempt to affect a business process, organizational understanding, and decision making.

Stored data could include a variety of file formats, such as Office files, databases, stored emails, and custom file formats. The type of modification and the impact it will have depends on the type of data as well as the goals and objectives of the adversary. For complex systems, an adversary would likely need special expertise and possibly access to specialized software related to the system that would typically be gained through a prolonged information gathering campaign in order to have the desired impact.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-16 Security and Privacy Attributes Protects T1565.001 Stored Data Manipulation
AC-17 Remote Access Protects T1565.001 Stored Data Manipulation
AC-18 Wireless Access Protects T1565.001 Stored Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1565.001 Stored Data Manipulation
AC-20 Use of External Systems Protects T1565.001 Stored Data Manipulation
AC-3 Access Enforcement Protects T1565.001 Stored Data Manipulation
CA-7 Continuous Monitoring Protects T1565.001 Stored Data Manipulation
CM-2 Baseline Configuration Protects T1565.001 Stored Data Manipulation
CM-6 Configuration Settings Protects T1565.001 Stored Data Manipulation
CM-8 System Component Inventory Protects T1565.001 Stored Data Manipulation
CP-10 System Recovery and Reconstitution Protects T1565.001 Stored Data Manipulation
CP-6 Alternate Storage Site Protects T1565.001 Stored Data Manipulation
CP-7 Alternate Processing Site Protects T1565.001 Stored Data Manipulation
CP-9 System Backup Protects T1565.001 Stored Data Manipulation
SC-28 Protection of Information at Rest Protects T1565.001 Stored Data Manipulation
SC-36 Distributed Processing and Storage Protects T1565.001 Stored Data Manipulation
SC-4 Information in Shared System Resources Protects T1565.001 Stored Data Manipulation
SC-7 Boundary Protection Protects T1565.001 Stored Data Manipulation
SI-12 Information Management and Retention Protects T1565.001 Stored Data Manipulation
SI-16 Memory Protection Protects T1565.001 Stored Data Manipulation
SI-23 Information Fragmentation Protects T1565.001 Stored Data Manipulation
SI-4 System Monitoring Protects T1565.001 Stored Data Manipulation
SI-7 Software, Firmware, and Information Integrity Protects T1565.001 Stored Data Manipulation
CVE-2019-1942 Cisco Identity Services Engine Software secondary_impact T1565.001 Stored Data Manipulation
CVE-2019-15972 Cisco Unified Communications Manager secondary_impact T1565.001 Stored Data Manipulation
CVE-2019-1863 Cisco Unified Computing System E-Series Software (UCSE) secondary_impact T1565.001 Stored Data Manipulation
CVE-2019-1689 Cisco Webex Teams secondary_impact T1565.001 Stored Data Manipulation
CVE-2020-3476 Cisco IOS XE Software primary_impact T1565.001 Stored Data Manipulation
CVE-2020-3440 Cisco Webex Meetings primary_impact T1565.001 Stored Data Manipulation
CVE-2019-1836 Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode primary_impact T1565.001 Stored Data Manipulation
CVE-2020-3237 Cisco IOx primary_impact T1565.001 Stored Data Manipulation
CVE-2020-3309 Cisco Firepower Threat Defense Software secondary_impact T1565.001 Stored Data Manipulation
CVE-2020-5345 Unisphere for PowerMax exploitation_technique T1565.001 Stored Data Manipulation
CVE-2019-3786 BOSH Backup and Restore exploitation_technique T1565.001 Stored Data Manipulation
CVE-2020-11010 tortoise-orm secondary_impact T1565.001 Stored Data Manipulation
CVE-2018-5459 WAGO PFC200 Series secondary_impact T1565.001 Stored Data Manipulation
CVE-2019-18234 Equinox Control Expert secondary_impact T1565.001 Stored Data Manipulation
CVE-2019-5954 JR East Japan train operation information push notification App for Android uncategorized T1565.001 Stored Data Manipulation
CVE-2008-4996 n/a uncategorized T1565.001 Stored Data Manipulation
CVE-2020-9819 iOS uncategorized T1565.001 Stored Data Manipulation
CVE-2018-19833 n/a uncategorized T1565.001 Stored Data Manipulation
attribute.integrity.variety.Modify data Modified stored data or content related-to T1565.001 Data Manipulation: Stored Data Manipulation
aws_rds AWS RDS technique_scores T1565.001 Stored Data Manipulation
aws_rds AWS RDS technique_scores T1565.001 Stored Data Manipulation
amazon_guardduty Amazon GuardDuty technique_scores T1565.001 Stored Data Manipulation
aws_cloudendure_disaster_recovery AWS CloudEndure Disaster Recovery technique_scores T1565.001 Stored Data Manipulation