T1555 - Credentials from Password Stores
Tattiche:
Credential Access
Credential Access
Piattaforme:
IaaS Linux macOS Windows
IaaS Linux macOS Windows
Rilevamento:
Not specified
Not specified
Description:
Adversaries may search for common password storage locations to obtain user credentials.(Citation: F-Secure The Dukes) Passwords are stored in several places on a system, depending on the operating system or application holding the credentials. There are also specific applications and services that store passwords to make them easier for users to manage and maintain, such as password managers and cloud secrets vaults. Once credentials are obtained, they can be used to perform lateral movement and access restricted information.
Usato da Attori (12)
Malware (20)
Matryoshka other
NETWIRE other
OLDBAIT other
CosmicDuke other
Prikormka other
Mispadu other
BeaverTail other
DarkGate other
KGH_SPY other
RedLine Stealer other
XLoader other
MgBot other
PinchDuke other
PLEAD other
Carberp other
Lokibot other
Manjusaka other
Agent Tesla other
Astaroth other
PoshC2 tool
Metadata
| MITRE ID: | T1555 |
| STIX ID: | attack-pattern--3fc9b85a-2862-... |
| Piattaforme: | IaaS, Linux, macOS, Windows |
| Created: | 13/01/2026 17:48 |
| Updated: | 21/04/2026 16:00 |