Data from Information Repositories (T1213)

View on ATT&CK

In Playbook

Associated Tactics

  • Collection

Collection (TA0009)

The adversary is trying to gather data of interest to their goal. Collection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary's objectives. Frequently, the next goal after collecting data is to either steal (exfiltrate) the data or to use the data to gain more information about the target environment. Common target sources include various drive types, browsers, audio, video, and email. Common collection methods include capturing screenshots and keyboard input.

View on ATT&CK

Procedure Examples

Description Source(s)
Ariel Szarf, Doron Karmi, and Lionel Saposnik. (n.d.). Oops, I Leaked It Again — How Mitiga Found PII in Exposed Amazon RDS Snapshots. Retrieved September 24, 2024. Mitiga
Atlassian. (2018, January 9). How to Enable User Access Logging. Retrieved April 4, 2018. Atlassian Confluence Logging
David Fiser and Jaromir Horejsi. (2020, April 21). Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining. Retrieved September 25, 2024. TrendMicro Exposed Redis 2020
Microsoft. (2017, July 19). Configure audit settings for a site collection. Retrieved April 4, 2018. Microsoft SharePoint Logging
Microsoft. (n.d.). Sharepoint Sharing Events. Retrieved October 8, 2021. Sharepoint Sharing Events
Vilius Petkauskas . (2022, November 3). Thomson Reuters collected and leaked at least 3TB of sensitive data. Retrieved September 25, 2024. Cybernews Reuters Leak 2022