| attribute.confidentiality.data_disclosure |
|
related-to |
T1187 |
Forced Authentication |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1212 |
Exploitation for Credential Access |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1557 |
Man-in-the-Middle |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1119 |
Automated Collection |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1040 |
Network Sniffing |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1602 |
Data from Configuration Repository |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1602.001 |
Data from Configuration Repository: SNMP (MIB Dump) |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1602.002 |
Data from Configuration Repository: Network Device Configuration Dump |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1213 |
Data from Information Repository |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1056.003 |
Input Capture: Web Portal Capture |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1056 |
Input Capture |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1056.001 |
Input Capture: Keylogging |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1056.002 |
Input Capture: GUI Input Capture |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1056.004 |
Input Capture: Credential API Hooking |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1113 |
Screen Capture |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1114 |
Email Collection |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1114.001 |
Email Collection: Local Email Collection |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1114.002 |
Email Collection: Remote Email Collection |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1114.003 |
Email Collection: Email Forwarding Rule |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1123 |
Audio Capture |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1125 |
Video Capture |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1003.002 |
OS Credential Dumping: Security Account Manager |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1003.003 |
OS Credential Dumping: NTDS |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1003.006 |
OS Credential Dumping: DCSync |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1003.008 |
OS Credential Dumping: /etc/passwd and /etc/shadow |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1005 |
Data from Local System |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1025 |
Data from Removable Media |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1039 |
Data from Network Shared Drive |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1213.001 |
Data from Information Repositories: Confluence |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1213.002 |
Data from Information Repositories: Sharepoint |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1530 |
Data from Cloud Storage |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1011 |
Exfiltration Over Other Network Medium |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1011.001 |
Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1020 |
Automated Exfiltration |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1020.001 |
Automated Exfiltration: Traffic Duplication |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1029 |
Scheduled Transfer |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1030 |
Data Transfer Size Limits |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1041 |
Exfiltration Over C2 Channels |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1048 |
Exfiltration Over Alternative Protocol |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1048.001 |
Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1048.002 |
Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1048.003 |
Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protcol |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1052 |
Exfiltration Over Physical Medium |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1052.001 |
Exfiltration Over Physical Medium: Exfiltration over USB |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1537 |
Transfer Data to Cloud Account |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1567 |
Exfiltration Over Web Service |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1567.001 |
Exfiltration Over Web Service: Exfiltration to Code Repository |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1567.002 |
Exfiltration Over Web Service: Exfiltration to Cloud Storage |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1003.007 |
OS Credential Dumping: Proc Filesystem |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1115 |
Clipboard Data |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1003 |
OS Credential Dumping |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1003.001 |
OS Credential Dumping: LSASS Memory |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1003.004 |
OS Credential Dumping: LSA Secrets |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1003.005 |
OS Credential Dumping: Cached Domain Credentials |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1552.001 |
Unsecured Credentials: Credentials in Files |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1552.002 |
Unsecured Credentials: Credentials in Registry |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1552.003 |
Unsecured Credentials: Bash History |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1552.004 |
Unsecured Credentials: Private Keys |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1552.005 |
Unsecured Credentials: Cloud Instance Metadata API |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1552.006 |
Unsecured Credentials: Group Policy Preferences |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1555 |
Credentials from Password Stores |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1555.001 |
Credentials from Password Stores: Keychain |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1555.002 |
Credentials from Password Stores: Securityd Memory |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1555.003 |
Credentials from Password Stores: Credentials from Web Browser |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1555.004 |
Credentials from Password Stores: Windows Credential Manager |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1555.005 |
Credentials from Password Stores: Password Managers |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1213.003 |
Code Repositories |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1552 |
Unsecured Credentials |
| attribute.confidentiality.data_disclosure |
|
related-to |
T1552.007 |
Unsecured Credentials: Container API |
