Data Staged: Local Data Staging (T1074.001)
Tactic: Collection · Platforms: ESXi, Linux, macOS, Windows
The interactive view maps 1 detection strategy, 28 threat groups, 94 software entries, 13 campaigns to this technique, alongside D3FEND countermeasures and data-component coverage.
Sub-technique of Data Staged (T1074).
Overview
Adversaries may stage collected data in a central location or directory on the local system prior to Exfiltration. Data may be kept in separate files or combined into one file through techniques such as Archive Collected Data. Interactive command shells may be used, and common functionality within cmd and bash may be used to copy data into a staging location.
Adversaries may also stage collected data in various available formats/locations of a system, including local storage databases/repositories or the Windows Registry.