Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | N/A (single event)
Deduplication Period | 3 Days
Required Data |
Detection Modules |
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique | Credentials from Password Stores: Credentials from Web Browsers (T1555.003)
Severity | Low
Description
Sensitive browser credential files were accessed by a rare non-browser process.
Attacker's Goals
Attackers access these files to collect user credentials.
Investigative actions
Investigate the actor process to determine if it was used for legitimate purposes or malicious activity.
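
The rule in the Description, sketched as an added example (not the product's own detector logic) that applies the synopsis periods to file-access telemetry. The credential file names, browser process list, the "fewer than 3 hosts" rarity threshold, the event fields, the reading of the activation period as a warm-up with no alerts, and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
# Periods taken from the synopsis above.
ACTIVATION, TRAINING, DEDUP = timedelta(days=14), timedelta(days=30), timedelta(days=3)
# Assumptions for illustration (not from the page or the product):
CRED_FILES = {"login data", "logins.json", "key4.db"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
RARE_BELOW_HOSTS = 3  # "rare" = seen on fewer than 3 hosts in the training window

def is_credential_file(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower() in CRED_FILES

def detect(events):
    """events: time-sorted dicts with ts, host, process, path. Returns alerting events."""
    history, last_alert, alerts = [], {}, []
    for ev in events:
        proc = ev["process"].lower()
        if proc in BROWSERS or not is_credential_file(ev["path"]):
            continue
        # Hosts where this process touched credential files during the training window.
        hosts = {h for ts, h, p in history
                 if p == proc and ev["ts"] - ts <= TRAINING}
        history.append((ev["ts"], ev["host"], proc))
        warming_up = ev["ts"] - events[0]["ts"] < ACTIVATION
        if warming_up or len(hosts | {ev["host"]}) >= RARE_BELOW_HOSTS:
            continue  # still learning, or the process is common across hosts
        key = (ev["host"], proc)
        if key in last_alert and ev["ts"] - last_alert[key] < DEDUP:
            continue  # same host and process already alerted within 3 days
        last_alert[key] = ev["ts"]
        alerts.append(ev)
    return alerts

def make_event(day, host, process, path):
    return {"ts": datetime(2024, 1, 1) + timedelta(days=day), "host": host,
            "process": process, "path": path}

# Constructed sample telemetry (hypothetical hosts, processes and paths).
CHROME_DB = r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"
FF_DB = r"C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json"
SAMPLE = [
    make_event(1, "h1", "backupagent.exe", CHROME_DB),   # warm-up: baseline only
    make_event(2, "h2", "backupagent.exe", CHROME_DB),
    make_event(3, "h3", "backupagent.exe", CHROME_DB),
    make_event(20, "h4", "backupagent.exe", CHROME_DB),  # common across hosts: no alert
    make_event(20, "h2", "chrome.exe", CHROME_DB),       # the browser itself: ignored
    make_event(20, "h2", "sync_helper.exe", FF_DB),      # rare non-browser: alert
    make_event(21, "h2", "sync_helper.exe", FF_DB),      # inside dedup window: suppressed
    make_event(24, "h2", "sync_helper.exe", FF_DB),      # dedup window passed: alert
]
ALERTS = detect(SAMPLE)  # two alerts: sync_helper.exe on day 20 and day 24
```

Each returned event carries the actor process and host to start the investigation from.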