Data from Local System (T1005)
Tactic: Collection · Platforms: ESXi, Linux, macOS, Network Devices, Windows
The interactive view maps 1 detection strategy, 1 mitigation, 45 threat groups, 169 software entries, 15 campaigns to this technique, alongside D3FEND countermeasures and data-component coverage.
Overview
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Adversaries may do this using a Command and Scripting Interpreter, such as cmd as well as a Network Device CLI, which have functionality to interact with the file system to gather information. Adversaries may also use Automated Collection on the local system.