T1005 - Data from Local System - MITRE ATT&CK

T1005 - Data from Local System

Tattiche:
Collection

Piattaforme:
ESXi Linux macOS Network Devices +1

Rilevamento:
Not specified

Description:

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Adversaries may do this using a [Command and Scripting Interpreter](https://attack.mitre.org/techniques/T1059), such as [cmd](https://attack.mitre.org/software/S0106) as well as a [Network Device CLI](https://attack.mitre.org/techniques/T1059/008), which have functionality to interact with the file system to gather information.(Citation: show_run_config_cmd_cisco) Adversaries may also use [Automated Collection](https://attack.mitre.org/techniques/T1119) on the local system.

Usato da Attori (20)

APT1
Nation-state

APT3
Nation-state

APT28
Nation-state

APT29
Nation-state

Turla
Nation-state

FIN7
Criminal

Lazarus Group
Nation-state

Stealth Falcon
Nation-state

FIN6
Unknown

OilRig
Nation-state

Gamaredon Group
Unknown

Kimsuky
Nation-state

Dark Caracal
Unknown

APT37
Nation-state

WIZARD SPIDER
Nation-state

APT39
Unknown

APT41
Nation-state

GALLIUM
Unknown

Fox Kitten
Unknown

HAFNIUM
Unknown

Malware (20)

TrickBot other BLINDINGCAN other RCSession other QuietSieve other Bumblebee other Amadey other Proxysvc other yty other KOPILUWAK other Sardonic other Misdat other Ursnif other CASTLETAP other ThreatNeedle other Havoc other FrameworkPOS other GravityRAT other InvisibleFerret other Bankshot other SharpDisco other

Metadata

MITRE ID:	T1005
STIX ID:	attack-pattern--3c4a2599-71ee-...
Piattaforme:	ESXi, Linux, macOS, Network Devices, Windows
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00