|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1003
|
OS Credential Dumping
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1222
|
File and Directory Permissions Modification
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1114
|
Email Collection
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1587
|
Develop Capabilities
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1547
|
Boot or Logon Autostart Execution
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1598.004
|
Spearphishing Voice
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1558.003
|
Kerberoasting
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1115
|
Clipboard Data
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1005
|
Data from Local System
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1011
|
Exfiltration Over Other Network Medium
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1011.001
|
Exfiltration Over Bluetooth
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1020
|
Automated Exfiltration
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1020.001
|
Traffic Duplication
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1025
|
Data from Removable Media
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1029
|
Scheduled Transfer
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1030
|
Data Transfer Size Limits
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1039
|
Data from Network Shared Drive
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1040
|
Network Sniffing
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1041
|
Exfiltration Over C2 Channel
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1048
|
Exfiltration Over Alternative Protocol
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1052
|
Exfiltration Over Physical Medium
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1052.001
|
Exfiltration over USB
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1056
|
Input Capture
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1056.001
|
Keylogging
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1056.002
|
GUI Input Capture
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1056.003
|
Web Portal Capture
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1056.004
|
Credential API Hooking
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1113
|
Screen Capture
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1114
|
Email Collection
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1114.001
|
Local Email Collection
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1114.002
|
Remote Email Collection
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1114.003
|
Email Forwarding Rule
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1115
|
Clipboard Data
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1119
|
Automated Collection
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1123
|
Audio Capture
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1125
|
Video Capture
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1187
|
Forced Authentication
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1212
|
Exploitation for Credential Access
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1213
|
Data from Information Repositories
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1213.001
|
Confluence
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1213.002
|
Sharepoint
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1213.003
|
Code Repositories
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1213.004
|
Customer Relationship Management Software
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1213.005
|
Messaging Applications
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1530
|
Data from Cloud Storage
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1537
|
Transfer Data to Cloud Account
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552
|
Unsecured Credentials
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.001
|
Credentials In Files
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.002
|
Credentials in Registry
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.003
|
Bash History
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.004
|
Private Keys
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.005
|
Cloud Instance Metadata API
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.006
|
Group Policy Preferences
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.007
|
Container API
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1552.008
|
Chat Messages
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1555
|
Credentials from Password Stores
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1555.001
|
Keychain
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1555.002
|
Securityd Memory
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1555.003
|
Credentials from Web Browsers
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1555.004
|
Windows Credential Manager
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1555.005
|
Password Managers
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1555.006
|
Cloud Secrets Management Stores
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1557
|
Adversary-in-the-Middle
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1567
|
Exfiltration Over Web Service
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1567.001
|
Exfiltration to Code Repository
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1567.002
|
Exfiltration to Cloud Storage
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1567.003
|
Exfiltration to Text Storage Sites
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1567.004
|
Exfiltration Over Webhook
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1602
|
Data from Configuration Repository
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1602.001
|
SNMP (MIB Dump)
|
|
attribute.confidentiality.data_disclosure
|
None
| related-to |
T1602.002
|
Network Device Configuration Dump
|
