T1213.001 - Confluence
Sub-technique
Tactics:
Collection
Collection
Platforms:
SaaS
SaaS
Detection:
Not specified
Not specified
Description:
Adversaries may leverage Confluence repositories to mine valuable information. Often found in development environments alongside Atlassian JIRA, Confluence is generally used to store development-related documentation, however, in general may contain more diverse categories of useful information, such as:
* Policies, procedures, and standards
* Physical / logical network diagrams
* System architecture diagrams
* Technical system documentation
* Testing / development credentials (i.e., [Unsecured Credentials](https://attack.mitre.org/techniques/T1552))
* Work / project schedules
* Source code snippets
* Links to network shares and other internal resources
Adversaries may leverage Confluence repositories to mine valuable information. Often found in development environments alongside Atlassian JIRA, Confluence is generally used to store development-related documentation, however, in general may contain more diverse categories of useful information, such as:
* Policies, procedures, and standards
* Physical / logical network diagrams
* System architecture diagrams
* Technical system documentation
* Testing / development credentials (i.e., [Unsecured Credentials](https://attack.mitre.org/techniques/T1552))
* Work / project schedules
* Source code snippets
* Links to network shares and other internal resources
Used by Actors (1)
Metadata
| MITRE ID: | T1213.001 |
| STIX ID: | attack-pattern--7ad38ef1-381a-... |
| Platforms: | SaaS |
| Created: | 13/01/2026 17:48 |
| Updated: | 07/03/2026 16:00 |