ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
CVE
Google Cloud Platform (GCP)
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 9.0 Enterprise and VERIS 1.3.5.
Change versions here.
Home
Mapping Frameworks
VERIS Home
Capture data stored on system disk
VERIS
action.malware.variety.Capture stored data
Mappings
Mappings
ATT&CK Version
9.0
ATT&CK Domain
Enterprise
VERIS
1.3.5
Change Versions
Capability ID
Capability Description
Mapping Type
ATT&CK ID
ATT&CK Name
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1119
Automated Collection
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1602
Data from Configuration Repository
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1213
Data from Information Repository
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1010
Application Window Discovery
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1003.002
OS Credential Dumping: Security Account Manager
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1003.003
OS Credential Dumping: NTDS
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1003.006
OS Credential Dumping: DCSync
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1003.008
OS Credential Dumping: /etc/passwd and /etc/shadow
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1005
Data from Local System
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1025
Data from Removable Media
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1033
System Owner/User Discovery
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1039
Data from Network Shared Drive
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1083
File and Directory Discovery
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1213.001
Data from Information Repositories: Confluence
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1213.002
Data from Information Repositories: Sharepoint
action.malware.variety.Capture stored data
Capture data stored on system disk
related-to
T1530
Data from Cloud Storage Object