11. Collection
Collection (TA0009)
Collection consists of techniques adversaries use to gather information and the sources information is collected from that are relevant to following through on the adversary's objectives. Frequently, the next goal after collecting data is to steal (exfiltrate) it.
Strategy
- Targeted: Find sensitive files (.docx, .pdf, web.config).
- Automated: Keylogging credentials as users type.
- Staging: Moving data to a central hidden folder before exfiltration.
Section Contents
- Archive Collected Data: Compressing and encrypting data to prepare for exfiltration and bypass DLP.
- Input Capture: Intercepting user input (keystrokes) and clipboard content.
- Screen Capture: Taking screenshots of the user's desktop to gather intelligence.