Trusted Design

T1005 - Data from Local System

概要

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration. Adversaries may do this using a [Command and Scripting Interpreter](https://attack.mitre.org/techniques/T1059), such as [cmd](https://attack.mitre.org/software/S0106) as well as a [Network Device CLI](https://attack.mitre.org/techniques/T1059/008), which have functionality to interact with the file system to gather information.(Citation: show_run_config_cmd_cisco) Adversaries may also use [Automated Collection](https://attack.mitre.org/techniques/T1119) on the local system.

この攻撃手法を利用する脅威アクター

• Kimsuky
• BRONZE BUTLER
• LAPSUS$
• APT39
• HAFNIUM
• Axiom
• OilRig
• ToddyCat
• Windigo
• Fox Kitten
• Andariel
• RedCurl
• APT1
• GALLIUM
• APT29
• Lazarus Group
• Gamaredon Group
• Agrius
• FIN6
• Aquatic Panda
• Turla
• APT41
• LuminousMoth
• APT37
• Dragonfly
• CURIUM
• APT28
• Inception
• Ke3chang
• Patchwork
• APT3
• Threat Group-3390
• FIN7
• Ember Bear
• Stealth Falcon
• APT38
• Volt Typhoon
• menuPass
• Wizard Spider
• Magic Hound
• Dark Caracal
• Sandworm Team
• FIN13

関連する CVE

この攻撃手法に関連する CVE は登録されていません。

攻撃手法 – 脅威アクター Graph

---

← Technique一覧に戻る