VERIS action.malware.variety.Capture stored data Mappings

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1016.002 Wi-Fi Discovery
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1114 Email Collection
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1587 Develop Capabilities
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1558.003 Kerberoasting
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1565.002 Transmitted Data Manipulation
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1005 Data from Local System
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1010 Application Window Discovery
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1025 Data from Removable Media
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1033 System Owner/User Discovery
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1039 Data from Network Shared Drive
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1083 File and Directory Discovery
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1119 Automated Collection
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1213 Data from Information Repositories
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1213.001 Confluence
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1213.002 Sharepoint
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1530 Data from Cloud Storage
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1602 Data from Configuration Repository