Common Information
Type | Value |
---|---|
Value | Private Keys - T1552.004 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials. Private cryptographic keys and certificates are used for authentication, encryption/decryption, and digital signatures.(Citation: Wikipedia Public Key Crypto) Common key and certificate file extensions include: .key, .pgp, .gpg, .ppk, .p12, .pem, .pfx, .cer, .p7b, .asc. Adversaries may also look in common key directories, such as `~/.ssh` for SSH keys on *nix-based systems or `C:\Users\(username)\.ssh\` on Windows. Adversary tools may also search compromised systems for file extensions relating to cryptographic keys and certificates.(Citation: Kaspersky Careto)(Citation: Palo Alto Prince of Persia) When a device is registered to Azure AD, a device key and a transport key are generated and used to verify the device’s identity.(Citation: Microsoft Primary Refresh Token) An adversary with access to the device may be able to export the keys in order to impersonate the device.(Citation: AADInternals Azure AD Device Identities) On network devices, private keys may be exported via [Network Device CLI](https://attack.mitre.org/techniques/T1059/008) commands such as `crypto pki export`.(Citation: cisco_deploy_rsa_keys) Some private keys require a password or passphrase for operation, so an adversary may also use [Input Capture](https://attack.mitre.org/techniques/T1056) for keylogging or attempt to [Brute Force](https://attack.mitre.org/techniques/T1110) the passphrase off-line. These private keys can be used to authenticate to [Remote Services](https://attack.mitre.org/techniques/T1021) like SSH or for use in decrypting other collected files such as email. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-09-09 | 0 | Unmasking SpyAgent: Zimperium’s Zero-Day Defense Against Cryptocurrency Theft - Zimperium | ||
Details | Website | 2024-09-09 | 0 | Unmasking SpyAgent: Zimperium’s Zero-Day Defense Against Cryptocurrency Theft | ||
Details | Website | 2024-09-09 | 0 | Blockchain Security | ||
Details | Website | 2024-09-07 | 0 | Detailed explanation of COMPOUND (DeFi) Protocol and it’s working!! | ||
Details | Website | 2024-09-06 | 0 | Humble Beginning — My Cybersecurity Portfolio | ||
Details | Website | 2024-09-05 | 0 | Comprehensive Guide to Data Encryption | ||
Details | Website | 2024-09-04 | 28 | Evolution of Mallox: from private ransomware to RaaS | ||
Details | Website | 2024-09-04 | 0 | Today’s Top Cyber Intelligence Highlights — Sep 04, 2024 | ||
Details | Website | 2024-09-04 | 0 | North Korean Hackers Target Crypto Companies with Sophisticated Social Engineering Schemes, FBI Warns - CloudSEK News | ||
Details | Website | 2024-09-04 | 2 | Secrets Exposed: Why Your CISO Should Worry About Slack | ||
Details | Website | 2024-09-04 | 2 | DeFied Expectations — Examining Web3 Heists | Google Cloud Blog | ||
Details | Website | 2024-09-03 | 0 | Blockchain Security: Protecting Digital Assets in the Modern Era | ||
Details | Website | 2024-09-03 | 13 | DeFied Expectations — Examining Web3 Heists | ||
Details | Website | 2024-09-03 | 0 | Secrets Exposed: Why Your CISO Should Worry About Slack | ||
Details | Website | 2024-09-03 | 0 | Secrets Exposed: Why Your CISO Should Worry About Slack - RedPacket Security | ||
Details | Website | 2024-09-03 | 2 | Internet Crime Complaint Center (IC3) | North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks | ||
Details | Website | 2024-09-03 | 19 | IT threat evolution Q2 2024 | ||
Details | Website | 2024-09-03 | 19 | Malware report for Q2 2024 — a quarterly review | ||
Details | Website | 2024-09-02 | 0 | Are Blockchain Wallets Really Safe? The Truth About Your Crypto’s Security | ||
Details | Website | 2024-09-02 | 0 | DATA ENCRYPTION | ||
Details | Website | 2024-09-02 | 0 | Linux: A Practical Guide to Managing GPG Keys | ||
Details | Website | 2024-09-02 | 0 | The Role of Blockchain in the Future of Cybersecurity | ||
Details | Website | 2024-09-02 | 0 | Beware of Malware Disguised as Fixes in GitHub Comments | ||
Details | Website | 2024-09-01 | 0 | 🔐 One way to lose your assets is to encounter a drainer. | ||
Details | Website | 2024-09-01 | 1 | 🦠 Dark Skippy method could threaten Bitcoin hardware wallets. |