ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
Known Exploited Vulnerabilities
Google Cloud Platform (GCP)
Intel vPro
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 16.1 Enterprise and VERIS 1.4.0.
Change versions here.
Home
Mapping Frameworks
VERIS Home
attribute.confidentiality.data_disclosure
VERIS
attribute.confidentiality.data_disclosure
Mappings
Mappings
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
VERIS
1.4.0
Change Versions
Capability ID
Capability Description
Mapping Type
ATT&CK ID
ATT&CK Name
attribute.confidentiality.data_disclosure
None
related-to
T1003
OS Credential Dumping
attribute.confidentiality.data_disclosure
None
related-to
T1003.001
OS Credential Dumping: LSASS Memory
attribute.confidentiality.data_disclosure
None
related-to
T1003.002
OS Credential Dumping: Security Account Manager
attribute.confidentiality.data_disclosure
None
related-to
T1003.003
OS Credential Dumping: NTDS
attribute.confidentiality.data_disclosure
None
related-to
T1003.004
OS Credential Dumping: LSA Secrets
attribute.confidentiality.data_disclosure
None
related-to
T1003.005
OS Credential Dumping: Cached Domain Credentials
attribute.confidentiality.data_disclosure
None
related-to
T1003.006
OS Credential Dumping: DCSync
attribute.confidentiality.data_disclosure
None
related-to
T1003.007
OS Credential Dumping: Proc Filesystem
attribute.confidentiality.data_disclosure
None
related-to
T1003.008
OS Credential Dumping: /etc/passwd and /etc/shadow
attribute.confidentiality.data_disclosure
None
related-to
T1005
Data from Local System
attribute.confidentiality.data_disclosure
None
related-to
T1011
Exfiltration Over Other Network Medium
attribute.confidentiality.data_disclosure
None
related-to
T1011.001
Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth
attribute.confidentiality.data_disclosure
None
related-to
T1020
Automated Exfiltration
attribute.confidentiality.data_disclosure
None
related-to
T1020.001
Automated Exfiltration: Traffic Duplication
attribute.confidentiality.data_disclosure
None
related-to
T1025
Data from Removable Media
attribute.confidentiality.data_disclosure
None
related-to
T1029
Scheduled Transfer
attribute.confidentiality.data_disclosure
None
related-to
T1030
Data Transfer Size Limits
attribute.confidentiality.data_disclosure
None
related-to
T1039
Data from Network Shared Drive
attribute.confidentiality.data_disclosure
None
related-to
T1040
Network Sniffing
attribute.confidentiality.data_disclosure
None
related-to
T1041
Exfiltration Over C2 Channels
attribute.confidentiality.data_disclosure
None
related-to
T1048
Exfiltration Over Alternative Protocol
attribute.confidentiality.data_disclosure
None
related-to
T1048.001
Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol
attribute.confidentiality.data_disclosure
None
related-to
T1048.002
Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
attribute.confidentiality.data_disclosure
None
related-to
T1048.003
Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protcol
attribute.confidentiality.data_disclosure
None
related-to
T1052
Exfiltration Over Physical Medium
attribute.confidentiality.data_disclosure
None
related-to
T1052.001
Exfiltration Over Physical Medium: Exfiltration over USB
attribute.confidentiality.data_disclosure
None
related-to
T1056
Input Capture
attribute.confidentiality.data_disclosure
None
related-to
T1056.001
Input Capture: Keylogging
attribute.confidentiality.data_disclosure
None
related-to
T1056.002
Input Capture: GUI Input Capture
attribute.confidentiality.data_disclosure
None
related-to
T1056.003
Input Capture: Web Portal Capture
attribute.confidentiality.data_disclosure
None
related-to
T1056.004
Input Capture: Credential API Hooking
attribute.confidentiality.data_disclosure
None
related-to
T1113
Screen Capture
attribute.confidentiality.data_disclosure
None
related-to
T1114
Email Collection
attribute.confidentiality.data_disclosure
None
related-to
T1114.001
Email Collection: Local Email Collection
attribute.confidentiality.data_disclosure
None
related-to
T1114.002
Email Collection: Remote Email Collection
attribute.confidentiality.data_disclosure
None
related-to
T1114.003
Email Collection: Email Forwarding Rule
attribute.confidentiality.data_disclosure
None
related-to
T1115
Clipboard Data
attribute.confidentiality.data_disclosure
None
related-to
T1119
Automated Collection
attribute.confidentiality.data_disclosure
None
related-to
T1123
Audio Capture
attribute.confidentiality.data_disclosure
None
related-to
T1125
Video Capture
attribute.confidentiality.data_disclosure
None
related-to
T1187
Forced Authentication
attribute.confidentiality.data_disclosure
None
related-to
T1212
Exploitation for Credential Access
attribute.confidentiality.data_disclosure
None
related-to
T1213
Data from Information Repository
attribute.confidentiality.data_disclosure
None
related-to
T1213.001
Data from Information Repositories: Confluence
attribute.confidentiality.data_disclosure
None
related-to
T1213.002
Data from Information Repositories: Sharepoint
attribute.confidentiality.data_disclosure
None
related-to
T1213.003
Data from Information Repositories: Code Repositories
attribute.confidentiality.data_disclosure
None
related-to
T1213.004
Data from Information Repositories: Customer Relationship Management Software
attribute.confidentiality.data_disclosure
None
related-to
T1213.005
Data from Information Repositories: Messaging Applications
attribute.confidentiality.data_disclosure
None
related-to
T1530
Data from Cloud Storage
attribute.confidentiality.data_disclosure
None
related-to
T1537
Transfer Data to Cloud Account
attribute.confidentiality.data_disclosure
None
related-to
T1552
Unsecured Credentials
attribute.confidentiality.data_disclosure
None
related-to
T1552.001
Unsecured Credentials: Credentials in Files
attribute.confidentiality.data_disclosure
None
related-to
T1552.002
Unsecured Credentials: Credentials in Registry
attribute.confidentiality.data_disclosure
None
related-to
T1552.003
Unsecured Credentials: Bash History
attribute.confidentiality.data_disclosure
None
related-to
T1552.004
Unsecured Credentials: Private Keys
attribute.confidentiality.data_disclosure
None
related-to
T1552.005
Unsecured Credentials: Cloud Instance Metadata API
attribute.confidentiality.data_disclosure
None
related-to
T1552.006
Unsecured Credentials: Group Policy Preferences
attribute.confidentiality.data_disclosure
None
related-to
T1552.007
Unsecured Credentials: Container API
attribute.confidentiality.data_disclosure
None
related-to
T1552.008
Unsecured Credentials: Chat Messages
attribute.confidentiality.data_disclosure
None
related-to
T1555
Credentials from Password Stores
attribute.confidentiality.data_disclosure
None
related-to
T1555.001
Credentials from Password Stores: Keychain
attribute.confidentiality.data_disclosure
None
related-to
T1555.002
Credentials from Password Stores: Securityd Memory
attribute.confidentiality.data_disclosure
None
related-to
T1555.003
Credentials from Password Stores: Credentials from Web Browser
attribute.confidentiality.data_disclosure
None
related-to
T1555.004
Credentials from Password Stores: Windows Credential Manager
attribute.confidentiality.data_disclosure
None
related-to
T1555.005
Credentials from Password Stores: Password Managers
attribute.confidentiality.data_disclosure
None
related-to
T1555.006
Credentials from Password Stores: Cloud Secrets Management Stores
attribute.confidentiality.data_disclosure
None
related-to
T1557
Man-in-the-Middle
attribute.confidentiality.data_disclosure
None
related-to
T1567
Exfiltration Over Web Service
attribute.confidentiality.data_disclosure
None
related-to
T1567.001
Exfiltration Over Web Service: Exfiltration to Code Repository
attribute.confidentiality.data_disclosure
None
related-to
T1567.002
Exfiltration Over Web Service: Exfiltration to Cloud Storage
attribute.confidentiality.data_disclosure
None
related-to
T1567.003
Exfiltration Over Web Service: Exfiltration to Text Storage Sites
attribute.confidentiality.data_disclosure
None
related-to
T1567.004
Exfiltration Over Web Service: Exfiltration Over Webhook
attribute.confidentiality.data_disclosure
None
related-to
T1602
Data from Configuration Repository
attribute.confidentiality.data_disclosure
None
related-to
T1602.001
Data from Configuration Repository: SNMP (MIB Dump)
attribute.confidentiality.data_disclosure
None
related-to
T1602.002
Data from Configuration Repository: Network Device Configuration Dump
