TA0009ATT&CK 14.1

TA0009Collection

Description

The adversary is trying to gather data of interest to their goal. Collection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary's objectives. Frequently, the next goal after collecting data is to steal (exfiltrate) the data. Common target sources include various drive types, browsers, audio, video, and email. Common collection methods include capturing screenshots and keyboard input.

Techniques in this tactic· 17

T1005

Data from Local System

T1025

Data from Removable Media

T1039

Data from Network Shared Drive

T1056

T1074

T1113

T1114

Email Collection

T1115

T1119

Automated Collection

T1123

T1125

T1185

Browser Session Hijacking

T1213

Data from Information Repositories

T1530

Data from Cloud Storage

T1557

Adversary-in-the-Middle

T1560

Archive Collected Data

T1602

Data from Configuration Repository

Sub-techniques in this tactic· 20

T1056.001 T1056.002 T1056.003 T1056.004 T1074.001 T1074.002 T1114.001 T1114.002 T1114.003 T1213.001 T1213.002 T1213.003 T1557.001 T1557.002 T1557.003 T1560.001 T1560.002 T1560.003 T1602.001 T1602.002

References

https://attack.mitre.org/tactics/TA0009

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Email Collection

Credential Access

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, Founder at SQUR.