This is a list of the attack techniques (Techniques) associated with the "Collection" tactic.

| Technique ID | Name | Description |
|---|---|---|
| T1005 | Data from Local System | Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine… |
| T1025 | Data from Removable Media | Adversaries may search connected removable media on computers they have compromised to find files of interest. Sensitive… |
| T1039 | Data from Network Shared Drive | Adversaries may search network shares on computers they have compromised to find files of interest. Sensitive data can b… |
| T1056 | Input Capture | Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system u… |
| T1056.001 | Keylogging | Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to … |
| T1056.002 | GUI Input Capture | Adversaries may mimic common operating system GUI components to prompt users for credentials with a seemingly legitimate… |
| T1056.003 | Web Portal Capture | Adversaries may install code on externally facing portals, such as a VPN login page, to capture and transmit credentials… |
| T1056.004 | Credential API Hooking | Adversaries may hook into Windows application programming interface (API) functions and Linux system functions to collec… |
| T1074 | Data Staged | Adversaries may stage collected data in a central location or directory prior to Exfiltration. Data may be kept in separ… |
| T1074.001 | Local Data Staging | Adversaries may stage collected data in a central location or directory on the local system prior to Exfiltration. Data … |
| T1074.002 | Remote Data Staging | Adversaries may stage data collected from multiple systems in a central location or directory on one system prior to Exf… |
| T1113 | Screen Capture | Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Sc… |
| T1114 | Email Collection | Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade s… |
| T1114.001 | Local Email Collection | Adversaries may target user email on local systems to collect sensitive information. Files containing email data can be … |
| T1114.002 | Remote Email Collection | Adversaries may target an Exchange server, Office 365, or Google Workspace to collect sensitive information. Adversaries… |
| T1114.003 | Email Forwarding Rule | Adversaries may set up email forwarding rules to collect sensitive information. Adversaries may abuse email forwarding ru… |
| T1115 | Clipboard Data | Adversaries may collect data stored in the clipboard from users copying information within or between applications. Fo… |
| T1119 | Automated Collection | Once established within a system or network, an adversary may use automated techniques for collecting internal data. Met… |
| T1123 | Audio Capture | An adversary can leverage a computer's peripheral devices (e.g., microphones and webcams) or applications (e.g., voice a… |
| T1125 | Video Capture | An adversary can leverage a computer's peripheral devices (e.g., integrated cameras or webcams) or applications (e.g., v… |
| T1185 | Browser Session Hijacking | Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change cont… |
| T1213 | Data from Information Repositories | Adversaries may leverage information repositories to mine valuable information. Information repositories are tools that … |
| T1213.001 | Confluence | Adversaries may leverage Confluence repositories to mine valuable information. Often found in development environments … |
| T1213.002 | Sharepoint | Adversaries may leverage the SharePoint repository as a source to mine valuable information. SharePoint will often conta… |
| T1213.003 | Code Repositories | Adversaries may leverage code repositories to collect valuable information. Code repositories are tools/services that st… |
| T1213.004 | Customer Relationship Management Software | Adversaries may leverage Customer Relationship Management (CRM) software to mine valuable information. CRM software is u… |
| T1213.005 | Messaging Applications | Adversaries may leverage chat and messaging applications, such as Microsoft Teams, Google Chat, and Slack, to mine valua… |
| T1213.006 | Databases | Adversaries may leverage databases to mine valuable information. These databases may be hosted on-premises or in the clo… |
| T1530 | Data from Cloud Storage | Adversaries may access data from cloud storage. Many IaaS providers offer solutions for online data object storage such… |
| T1560 | Archive Collected Data | An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to … |
| T1560.001 | Archive via Utility | Adversaries may use utilities to compress and/or encrypt collected data prior to exfiltration. Many utilities include fu… |
| T1560.002 | Archive via Library | An adversary may compress or encrypt data that is collected prior to exfiltration using 3rd party libraries. Many librar… |
| T1560.003 | Archive via Custom Method | An adversary may compress or encrypt data that is collected prior to exfiltration using a custom method. Adversaries may… |
| T1602 | Data from Configuration Repository | Adversaries may collect data related to managed devices from configuration repositories. Configuration repositories are … |
| T1602.001 | SNMP (MIB Dump) | Adversaries may target the Management Information Base (MIB) to collect and/or mine valuable information in a network ma… |
| T1602.002 | Network Device Configuration Dump | Adversaries may access network configuration files to collect sensitive data about the device and the network. The netwo… |