Home >
Enterprise >
Participants >
McAfee >
Unsecured Credentials (T1552)
|
|
Carbanak+FIN7 |
||
The technique was not in scope. |
APT29 |
||||||
Step | ATT&CK Pattern |
|
||||
6.A.1
|
Tactic Credential Access (TA0006) Subtechnique Unsecured Credentials: Credentials in Files (T1552.001) |
|
||||
6.B.1
|
|
Procedure
Read the Chrome SQL database file to extract encrypted credentials
Criteria
accesschk.exe reading files within %APPDATALOCAL%\Google\chrome\user data\default\
APT3 |
||||
Step | ATT&CK Pattern |
|
||
15.B.1
|
Tactic Credential Access (TA0006) Subtechnique Unsecured Credentials: Credentials in Files (T1552.001) |
|