Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
|
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Low |
Description
Sensitive Microsoft Teams credential files were accessed.
Attacker's Goals
Accessing these files is done by attackers to collect user credentials.
Investigative actions
Investigate the actor process to determine if it was used for legitimate purposes or malicious activity.