VERIS action.malware.variety.Capture stored data Mappings

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1119 | Automated Collection |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1602 | Data from Configuration Repository |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1213 | Data from Information Repository |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1010 | Application Window Discovery |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1003.002 | OS Credential Dumping: Security Account Manager |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1003.003 | OS Credential Dumping: NTDS |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1003.006 | OS Credential Dumping: DCSync |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1003.008 | OS Credential Dumping: /etc/passwd and /etc/shadow |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1005 | Data from Local System |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1025 | Data from Removable Media |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1033 | System Owner/User Discovery |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1039 | Data from Network Shared Drive |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1083 | File and Directory Discovery |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1213.001 | Data from Information Repositories: Confluence |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1213.002 | Data from Information Repositories: Sharepoint |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1530 | Data from Cloud Storage Object |