216.73.216.226

T0893: Data from Local System

View on MITRE ATT&CK The MITRE Corporation · Published 30/03/2023 20:56 · Modified 27/03/2026 01:44

Essential information

MITRE technique ID
T0893
Confidence
100/100
Revoked
No
Published
30/03/2023 20:56
Modified
27/03/2026 01:44
Author / Source
The MITRE Corporation

Description

Adversaries may target and collect data from local system sources, such as file systems, configuration files, or local databases. This can include sensitive data such as specifications, schematics, or diagrams of control system layouts, devices, and processes. Adversaries may do this using [Command-Line Interface](https://attack.mitre.org/techniques/T0807) or [Scripting](https://attack.mitre.org/techniques/T0853) techniques to interact with the file system to gather information. Adversaries may also use [Automated Collection](https://attack.mitre.org/techniques/T0802) on the local system.

Kill chain phases

Kill chainPhase
mitre-ics-attack collection

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.