T1552 - Unsecured Credentials - MITRE ATT&CK

T1552 - Unsecured Credentials

Tattiche:
Credential Access

Piattaforme:
Windows SaaS IaaS Linux +5

Rilevamento:
Not specified

Description:

Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. [Shell History](https://attack.mitre.org/techniques/T1552/003)), operating system or application-specific repositories (e.g. [Credentials in Registry](https://attack.mitre.org/techniques/T1552/002)), or other specialized files/artifacts (e.g. [Private Keys](https://attack.mitre.org/techniques/T1552/004)).(Citation: Brining MimiKatz to Unix)

Sub-tecniche (8)

ID	ATT&CK	Azioni
T1552.001	Credentials In Files
T1552.002	Credentials in Registry
T1552.003	Shell History
T1552.004	Private Keys
T1552.005	Cloud Instance Metadata API
T1552.006	Group Policy Preferences
T1552.007	Container API
T1552.008	Chat Messages

Usato da Attori (1)

Volt Typhoon
Unknown

Malware (4)

DarkGate other Astaroth other NPPSPY tool Pacu tool

Metadata

MITRE ID:	T1552
STIX ID:	attack-pattern--435dfb86-2697-...
Piattaforme:	Windows, SaaS, IaaS, Linux, macOS, Containers, Network Devices, Office Suite, Identity Provider
Created:	13/01/2026 17:48
Updated:	06/03/2026 04:00