Common Information
| Type | Value |
|---|---|
| Value |
Credentials - T1589.001 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may gather credentials that can be used during targeting. Account credentials gathered by adversaries may be those directly associated with the target victim organization or attempt to take advantage of the tendency for users to use the same passwords across personal and business accounts. Adversaries may gather credentials from potential victims in various ways, such as direct elicitation via [Phishing for Information](https://attack.mitre.org/techniques/T1598). Adversaries may also compromise sites then add malicious content designed to collect website authentication cookies from visitors.(Citation: ATT ScanBox) Credential information may also be exposed to adversaries via leaks to online or other accessible data sets (ex: [Search Engines](https://attack.mitre.org/techniques/T1593/002), breach dumps, code repositories, etc.).(Citation: Register Deloitte)(Citation: Register Uber)(Citation: Detectify Slack Tokens)(Citation: Forbes GitHub Creds)(Citation: GitHub truffleHog)(Citation: GitHub Gitrob)(Citation: CNET Leaks) Adversaries may also purchase credentials from dark web or other black-markets. Finally, where multi-factor authentication (MFA) based on out-of-band communications is in use, adversaries may compromise a service provider to gain access to MFA codes and one-time passwords (OTP).(Citation: Okta Scatter Swine 2022) Gathering this information may reveal opportunities for other forms of reconnaissance (ex: [Search Open Websites/Domains](https://attack.mitre.org/techniques/T1593) or [Phishing for Information](https://attack.mitre.org/techniques/T1598)), establishing operational resources (ex: [Compromise Accounts](https://attack.mitre.org/techniques/T1586)), and/or initial access (ex: [External Remote Services](https://attack.mitre.org/techniques/T1133) or [Valid Accounts](https://attack.mitre.org/techniques/T1078)). |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2044-04-01 | 13 | Attackers Repurposing existing Python-based Malware for Distribution on NPM | ||
| Details | Website | 2035-01-01 | 216 | UNKNOWN | ||
| Details | Website | 2029-03-27 | 1 | AWS Introduces Global Condition Context Keys to Improve EC2 Security | ||
| Details | Website | 2024-11-30 | 4 | Exploiting Vulnerabilities in a TLD Registrar to Takeover Tether, Google, and Amazon — Palisade | ||
| Details | Website | 2024-11-17 | 0 | Phishing emails increasingly use SVG attachments to evade detection | ||
| Details | Website | 2024-11-17 | 0 | How Organizations Are Fulfilling CISA’s Secure by Design Pledge | ||
| Details | Website | 2024-11-17 | 15 | CTF Write-up: Sigma 101 (Certified Cyber Defenders) | ||
| Details | Website | 2024-11-17 | 13 | Intigriti 1337Up Live 2024-CTF: Web Challenges | ||
| Details | Website | 2024-11-17 | 15 | Hunting for Default Credentials: A Deeper Dive into the Toolkit | ||
| Details | Website | 2024-11-17 | 1 | Affordable VPN Low Prices | ||
| Details | Website | 2024-11-17 | 0 | AWS Security Essentials: Protecting Your Cloud Infrastructure | ||
| Details | Website | 2024-11-17 | 0 | How I passed OSCP+ in two months | ||
| Details | Website | 2024-11-17 | 0 | The Security illusion: Why Two-Factor Authentication is No Longer Enough | ||
| Details | Website | 2024-11-17 | 0 | SQL Injection vs. Cross-Site Scripting (XSS): Know the Difference! | ||
| Details | Website | 2024-11-17 | 1 | The Road to CRTP Cert — Part 2 | ||
| Details | Website | 2024-11-17 | 0 | 🚨 Vietnamese Hackers Unleash PXA Stealer: Targeting Sensitive Data Across Europe and Asia 🌍🔓 | ||
| Details | Website | 2024-11-17 | 1 | 🚨 DEEPDATA Malware Exploits Fortinet Flaw to Steal VPN Credentials 🔒 | ||
| Details | Website | 2024-11-17 | 3 | Top 10 Daily Cybercrime Brief by FCRF [17.11.2024]: Click here to Know More | #cybercrime | #infosec | National Cyber Security Consulting | ||
| Details | Website | 2024-11-17 | 4 | HTB Password Attacks Lab Medium | ||
| Details | Website | 2024-11-17 | 0 | ChatGPT Security Risks for Business: The Essential Checklist for Protection | ||
| Details | Website | 2024-11-17 | 1 | Cheap Secure VPN Offers | ||
| Details | Website | 2024-11-17 | 2 | Phishing emails increasingly use SVG attachments to evade detection | ||
| Details | Website | 2024-11-16 | 1 | Solid Security Pro Review | ||
| Details | Website | 2024-11-16 | 0 | The Rising Threat of Cybercrime: How to Protect Yourself in an Increasingly Digital World | ||
| Details | Website | 2024-11-16 | 18 | Look This ! |