EXPLORE

← Back to Explore

T1119

Automated Collection

Once established within a system or network, an adversary may use automated techniques for collecting internal data. Methods for performing this technique could include use of a [Command and Scripting Interpreter](https://attack.mitre.org/techniques/T1059) to search for and copy information fitting set criteria such as file type, location, or name at specific time intervals. In cloud-based environments, adversaries may also use cloud APIs, data pipelines, command line interfaces, or extract, t...

IaaSLinuxmacOSOffice SuiteSaaSWindows

12

Detections

3

Sources

21

Threat Actors

BY SOURCE

5splunk_escu4sigma3elastic

PROCEDURES (9)

Process Creation Monitoring3 detections

Auto-extracted: 3 detections for process creation monitoring

Network Connection Monitoring2 detections

Auto-extracted: 2 detections for network connection monitoring

Process Creation Monitoring2 detections

Auto-extracted: 2 detections for process creation monitoring

Service1 detections

Auto-extracted: 1 detections for service

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Process Access Monitoring1 detections

Auto-extracted: 1 detections for process access monitoring

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

DETECTIONS (12)

Automated Collection Command PowerShell

Automated Collection Command Prompt

AWS EC2 Export Task

AWS Exfiltration via Anomalous GetObject API Activity

AWS Exfiltration via Batch Service

AWS Exfiltration via DataSync Task

GCP Pub/Sub Subscription Creation

Potential Database Dumping Activity

Recon Information for Export with Command Prompt

Recon Information for Export with PowerShell

Windows File Collection Via Copy Utilities

Windows Process Accessing Windows Recall Directory