|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1003
|
OS Credential Dumping
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1003.001
|
OS Credential Dumping: LSASS Memory
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1003.002
|
OS Credential Dumping: Security Account Manager
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1003.003
|
OS Credential Dumping: NTDS
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1003.004
|
OS Credential Dumping: LSA Secrets
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1003.005
|
OS Credential Dumping: Cached Domain Credentials
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1003.006
|
OS Credential Dumping: DCSync
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1003.007
|
OS Credential Dumping: Proc Filesystem
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1003.008
|
OS Credential Dumping: /etc/passwd and /etc/shadow
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1005
|
Data from Local System
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1011
|
Exfiltration Over Other Network Medium
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1011.001
|
Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1020
|
Automated Exfiltration
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1020.001
|
Automated Exfiltration: Traffic Duplication
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1025
|
Data from Removable Media
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1029
|
Scheduled Transfer
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1030
|
Data Transfer Size Limits
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1039
|
Data from Network Shared Drive
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1040
|
Network Sniffing
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1041
|
Exfiltration Over C2 Channels
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1048
|
Exfiltration Over Alternative Protocol
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1048.001
|
Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1048.002
|
Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1048.003
|
Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protcol
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1052
|
Exfiltration Over Physical Medium
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1052.001
|
Exfiltration Over Physical Medium: Exfiltration over USB
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1056
|
Input Capture
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1056.001
|
Input Capture: Keylogging
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1056.002
|
Input Capture: GUI Input Capture
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1056.003
|
Input Capture: Web Portal Capture
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1056.004
|
Input Capture: Credential API Hooking
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1113
|
Screen Capture
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1114
|
Email Collection
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1114.001
|
Email Collection: Local Email Collection
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1114.002
|
Email Collection: Remote Email Collection
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1114.003
|
Email Collection: Email Forwarding Rule
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1115
|
Clipboard Data
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1119
|
Automated Collection
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1123
|
Audio Capture
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1125
|
Video Capture
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1187
|
Forced Authentication
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1212
|
Exploitation for Credential Access
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1213
|
Data from Information Repository
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1213.001
|
Data from Information Repositories: Confluence
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1213.002
|
Data from Information Repositories: Sharepoint
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1213.003
|
Data from Information Repositories: Code Repositories
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1213.004
|
Data from Information Repositories: Customer Relationship Management Software
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1213.005
|
Data from Information Repositories: Messaging Applications
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1530
|
Data from Cloud Storage
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1537
|
Transfer Data to Cloud Account
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552
|
Unsecured Credentials
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.001
|
Unsecured Credentials: Credentials in Files
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.002
|
Unsecured Credentials: Credentials in Registry
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.003
|
Unsecured Credentials: Bash History
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.004
|
Unsecured Credentials: Private Keys
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.005
|
Unsecured Credentials: Cloud Instance Metadata API
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.006
|
Unsecured Credentials: Group Policy Preferences
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.007
|
Unsecured Credentials: Container API
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.008
|
Unsecured Credentials: Chat Messages
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1555
|
Credentials from Password Stores
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1555.001
|
Credentials from Password Stores: Keychain
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1555.002
|
Credentials from Password Stores: Securityd Memory
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1555.003
|
Credentials from Password Stores: Credentials from Web Browser
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1555.004
|
Credentials from Password Stores: Windows Credential Manager
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1555.005
|
Credentials from Password Stores: Password Managers
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1555.006
|
Credentials from Password Stores: Cloud Secrets Management Stores
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1557
|
Man-in-the-Middle
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1567
|
Exfiltration Over Web Service
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1567.001
|
Exfiltration Over Web Service: Exfiltration to Code Repository
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1567.002
|
Exfiltration Over Web Service: Exfiltration to Cloud Storage
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1567.003
|
Exfiltration Over Web Service: Exfiltration to Text Storage Sites
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1567.004
|
Exfiltration Over Web Service: Exfiltration Over Webhook
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1602
|
Data from Configuration Repository
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1602.001
|
Data from Configuration Repository: SNMP (MIB Dump)
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1602.002
|
Data from Configuration Repository: Network Device Configuration Dump
|
