Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Hour |
Required Data |
|
Detection Modules |
|
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Low |
Description
Suspicious Unix files containing insecurely stored credentials were accessed.
Attacker's Goals
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Investigative actions
Investigate the process activities and use of the extracted credentials.