Data from Information Repositories

From attackics
Jump to navigation Jump to search
Data from Information Repositories
ID T811
Tactic Collection
Data Sources Application logs, Authentication logs, Data loss prevention, Third-party application logs
Asset Control Server, Data Historian, Engineering Workstation, Human-Machine Interface


Adversaries may target and collect data from information repositories. This can include sensitive data such as specifications, schematics, or diagrams of control system layouts, devices, and processes. Examples of target information repositories include reference databases and local machines on the process environment.

Procedure Examples

  • ACAD/Medre.A collects information related to the AutoCAD application. The worm collects AutoCAD (*.dwg) files with drawings from information repositories.
  • Duqu downloads additional modules for the collection of data in information repositories. The modules are named: infostealer 1, infostealer 2 and reconnaissance.1
  • Flame has built-in modules to gather information from compromised computers.2