ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
CSA Cloud Controls Matrix (CCM)
CRI Profile
Known Exploited Vulnerabilities
Google Cloud Platform (GCP)
Intel vPro
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 12.1 Enterprise and VERIS 1.3.7.
Change versions here.
Home
Mapping Frameworks
VERIS Home
Capture data stored on system disk
VERIS
action.malware.variety.Capture stored data
Mappings
ATT&CK Version
12.1
ATT&CK Domain
Enterprise
VERIS
1.3.7
Change Versions
Capability ID
Capability Description
Mapping Type
ATT&CK ID
ATT&CK Name
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1033
System Owner/User Discovery
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1083
File and Directory Discovery
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1119
Automated Collection
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1602
Data from Configuration Repository
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1213
Data from Information Repository
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1010
Application Window Discovery
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1003.002
OS Credential Dumping: Security Account Manager
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1003.003
OS Credential Dumping: NTDS
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1003.006
OS Credential Dumping: DCSync
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1003.008
OS Credential Dumping: /etc/passwd and /etc/shadow
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1005
Data from Local System
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1025
Data from Removable Media
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1039
Data from Network Shared Drive
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1213.001
Data from Information Repositories: Confluence
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1213.002
Data from Information Repositories: Sharepoint
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1530
Data from Cloud Storage
