A LIBRARY FOR SECURITY RESEARCHERS

T1005

Data from Local System

Collection

Description

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Adversaries may do this using a [Command and Scripting Interpreter](https://attack.mitre.org/techniques/T1059), such as [cmd](https://attack.mitre.org/software/S0106) as well as a [Network Device CLI](https://attack.mitre.org/techniques/T1059/008), which have functionality to interact with the file system to gather information.(Citation: show_run_config_cmd_cisco) Adversaries may also use [Automated Collection](https://attack.mitre.org/techniques/T1119) on the local system.

Platforms

ESXi, Linux, macOS, Network Devices, Windows

Mitigations

  • M1057 — Data Loss Prevention

Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →