# Collection

```mermaid
graph TB
    A["🎯 Target Identified<br/>Data of interest mapped"] --> B["📂 Local Files<br/>T1005 - Data from Local System"]
    A --> C["📧 E-mails<br/>T1114 - Email Collection"]
    A --> D["⌨️ Input Capture<br/>T1056 - Keylogging / GUI"]
    A --> E["🖥️ Screen Capture<br/>T1113 - Screen Capture"]
    A --> F["☁️ Cloud Repositories<br/>T1213 / T1530"]
    B --> G["📦 Archiving<br/>T1560 - Archive Collected Data"]
    C --> G
    D --> G
    E --> G
    F --> G
```

> [!info] Overview
> The Collection tactic (TA0009) groups the techniques attackers use to gather data of interest before exfiltration. The goal is to maximize the volume of sensitive information captured: credentials, documents, communications and activity logs.
>
> **Techniques:** 36 techniques in this category, including input capture, e-mail collection and access to repositories.
>
> **LATAM highlight:** Collection of banking data, credentials for government portals and corporate e-mails are the vectors most exploited against Brazilian organizations.

> [!warning] Brazil/LATAM Context
> In Brazil, groups such as **Blind Eagle** and **TOITOIN** use banking trojans with built-in keyloggers to capture credentials for financial portals. Collection of corporate e-mails via **T1114** is also recurrent in espionage campaigns against the Brazilian government and energy sectors. Tools such as **AgentTesla** and **Grandoreiro** are frequently identified in these campaigns.

> **36 techniques** · Collection of data of interest on the target: screen captures, keylogging, access to repositories.

%%
```dataview
TABLE WITHOUT ID link(file.link, title) AS "Nome"
FROM "ttp/techniques/collection"
WHERE type = "technique"
SORT title ASC
```
%%

<!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, title) AS "Nota", title AS "Nome" FROM "ttp/techniques/collection" WHERE type = "technique" SORT title ASC -->
<!-- SerializedQuery: TABLE WITHOUT ID link(file.link, title) AS "Nota", title AS "Nome" FROM "ttp/techniques/collection" WHERE type = "technique" SORT title ASC -->
| Note | Name |
| ---- | ---- |
| [[t1005-data-from-local-system\|T1005 - Data from Local System]] | T1005 - Data from Local System |
| [[t1025-data-from-removable-media\|T1025 - Data from Removable Media]] | T1025 - Data from Removable Media |
| [[t1039-data-from-network-shared-drive\|T1039 - Data from Network Shared Drive]] | T1039 - Data from Network Shared Drive |
| [[t1056-input-capture\|T1056 - Input Capture]] | T1056 - Input Capture |
| [[t1056-001-keylogging\|T1056.001 - Keylogging]] | T1056.001 - Keylogging |
| [[t1056-002-gui-input-capture\|T1056.002 - GUI Input Capture]] | T1056.002 - GUI Input Capture |
| [[t1056-003-web-portal-capture\|T1056.003 - Web Portal Capture]] | T1056.003 - Web Portal Capture |
| [[t1056-004-credential-api-hooking\|T1056.004 - Credential API Hooking]] | T1056.004 - Credential API Hooking |
| [[t1074-data-staged\|T1074 - Data Staged]] | T1074 - Data Staged |
| [[t1074-001-local-data-staging\|T1074.001 - Local Data Staging]] | T1074.001 - Local Data Staging |
| [[t1074-002-remote-data-staging\|T1074.002 - Remote Data Staging]] | T1074.002 - Remote Data Staging |
| [[t1113-screen-capture\|T1113 - Screen Capture]] | T1113 - Screen Capture |
| [[t1114-email-collection\|T1114 - Email Collection]] | T1114 - Email Collection |
| [[t1114-001-local-email-collection\|T1114.001 - Local Email Collection]] | T1114.001 - Local Email Collection |
| [[t1114-002-remote-email-collection\|T1114.002 - Remote Email Collection]] | T1114.002 - Remote Email Collection |
| [[t1114-003-email-forwarding-rule\|T1114.003 - Email Forwarding Rule]] | T1114.003 - Email Forwarding Rule |
| [[t1115-clipboard-data\|T1115 - Clipboard Data]] | T1115 - Clipboard Data |
| [[t1119-automated-collection\|T1119 - Automated Collection]] | T1119 - Automated Collection |
| [[t1123-audio-capture\|T1123 - Audio Capture]] | T1123 - Audio Capture |
| [[t1125-video-capture\|T1125 - Video Capture]] | T1125 - Video Capture |
| [[t1185-browser-session-hijacking\|T1185 - Browser Session Hijacking]] | T1185 - Browser Session Hijacking |
| [[t1213-data-from-information-repositories\|T1213 - Data from Information Repositories]] | T1213 - Data from Information Repositories |
| [[t1213-001-confluence\|T1213.001 - Confluence]] | T1213.001 - Confluence |
| [[t1213-002-sharepoint\|T1213.002 - Sharepoint]] | T1213.002 - Sharepoint |
| [[t1213-003-code-repositories\|T1213.003 - Code Repositories]] | T1213.003 - Code Repositories |
| [[t1213-004-customer-relationship-management-software\|T1213.004 - Customer Relationship Management Software]] | T1213.004 - Customer Relationship Management Software |
| [[t1213-005-messaging-applications\|T1213.005 - Messaging Applications]] | T1213.005 - Messaging Applications |
| [[t1213-006-databases\|T1213.006 - Databases]] | T1213.006 - Databases |
| [[t1417-input-capture-android\|T1417 - Input Capture (Android)]] | T1417 - Input Capture (Android) |
| [[t1417-002-gui-input-capture\|T1417.002 - Input Capture: GUI Input Capture]] | T1417.002 - Input Capture: GUI Input Capture |
| [[t1417-002-input-capture\|T1417.002 - Input Capture: Keystroke Capture]] | T1417.002 - Input Capture: Keystroke Capture |
| [[t1430-location-tracking\|T1430 - Location Tracking]] | T1430 - Location Tracking |
| [[t1433-access-contact-list\|T1433 - Access Contact List]] | T1433 - Access Contact List |
| [[t1513-screen-capture\|T1513 - Screen Capture]] | T1513 - Screen Capture |
| [[t1530-data-from-cloud-storage\|T1530 - Data from Cloud Storage]] | T1530 - Data from Cloud Storage |
| [[t1533-data-from-local-system\|T1533 - Data from Local System]] | T1533 - Data from Local System |
| [[t1560-archive-collected-data\|T1560 - Archive Collected Data]] | T1560 - Archive Collected Data |
| [[t1560-001-archive-via-utility\|T1560.001 - Archive via Utility]] | T1560.001 - Archive via Utility |
| [[t1560-002-archive-via-library\|T1560.002 - Archive via Library]] | T1560.002 - Archive via Library |
| [[t1560-003-archive-via-custom-method\|T1560.003 - Archive via Custom Method]] | T1560.003 - Archive via Custom Method |
| [[t1602-data-from-configuration-repository\|T1602 - Data from Configuration Repository]] | T1602 - Data from Configuration Repository |
| [[t1602-001-snmp-mib-dump\|T1602.001 - SNMP (MIB Dump)]] | T1602.001 - SNMP (MIB Dump) |
| [[t1602-002-network-device-configuration-dump\|T1602.002 - Network Device Configuration Dump]] | T1602.002 - Network Device Configuration Dump |
| [[t1636-contact-list\|T1636 - Collection (Contact List)]] | T1636 - Collection (Contact List) |
| [[t1636-004-sms-messages\|T1636.004 - Collection: SMS Messages]] | T1636.004 - Collection: SMS Messages |
| [[t1638-system-information-discovery\|T1638 - System Information Discovery]] | T1638 - System Information Discovery |
<!-- SerializedQuery END -->

---

**Navigation:** [[_techniques|Techniques]] · [[_tactics|Tactics]] · [[_procedures|Procedures]]