T1025 - Data from Removable Media
Tattiche:
Collection
Collection
Piattaforme:
Linux macOS Windows
Linux macOS Windows
Rilevamento:
Not specified
Not specified
Description:
Adversaries may search connected removable media on computers they have compromised to find files of interest. Sensitive data can be collected from any removable media (optical disk drive, USB memory, etc.) connected to the compromised system prior to Exfiltration. Interactive command shells may be in use, and common functionality within [cmd](https://attack.mitre.org/software/S0106) may be used to gather information.
Some adversaries may also use [Automated Collection](https://attack.mitre.org/techniques/T1119) on removable media.
Some adversaries may also use [Automated Collection](https://attack.mitre.org/techniques/T1119) on removable media.
Usato da Attori (4)
Malware (20)
GravityRAT other
AppleSeed other
CosmicDuke other
Aria-body other
Crimson other
Machete other
Prikormka other
FLASHFLOOD other
InvisiMole other
ObliqueRAT other
Remsec other
Explosive other
Rover other
Crutch other
MgBot other
USBStealer other
TajMahal other
Ramsay other
FunnyDream other
BADNEWS other
Metadata
| MITRE ID: | T1025 |
| STIX ID: | attack-pattern--1b7ba276-eedc-... |
| Piattaforme: | Linux, macOS, Windows |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |