EXPLORE
Sign In
← Back to Explore
T1025

Data from Removable Media

Adversaries may search connected removable media on computers they have compromised to find files of interest. Sensitive data can be collected from any removable media (optical disk drive, USB memory, etc.) connected to the compromised system prior to Exfiltration. Interactive command shells may be in use, and common functionality within [cmd](https://attack.mitre.org/software/S0106) may be used to gather information. Some adversaries may also use [Automated Collection](https://attack.mitre.or...

LinuxmacOSWindows
3
Detections
1
Sources
4
Threat Actors

BY SOURCE

3splunk_escu

PROCEDURES (2)

Registry2 detections

Auto-extracted: 2 detections for registry

Registry Monitoring1 detections

Auto-extracted: 1 detections for registry monitoring

THREAT ACTORS (4)

APT28Gamaredon GroupOilRigTurla

DETECTIONS (3)

Windows Process Executed From Removable Media
splunk_escu
Windows USBSTOR Registry Key Modification
splunk_escu
Windows WPDBusEnum Registry Key Modification
splunk_escu