T1552.001: T1552.001
Essential information
- MITRE technique ID
T1552.001- Confidence
- 100/100
- Revoked
- No
- Published
- 04/02/2020 13:52
- Modified
- 27/03/2026 01:10
- Author / Source
- The MITRE Corporation
Aliases
Credentials In Files
Platforms
windows macos linux Containers IaaS
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | credential-access |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (57)
-
OLYMPO relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[OilRig](https://attack.mitre.org/groups/G0049) is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Poisson relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RedCurl relatedThe MITRE Corporation Confidence 100
[RedCurl](https://attack.mitre.org/groups/G1039) is a threat actor active since 2018 notable for corporate espionage targeting a variety of locations, including Ukraine, Canada and the United Kingdom, and a variety of…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Scattered Spider](https://attack.mitre.org/groups/G1015) is a native English-speaking cybercriminal group active since at least 2022. (Citation: CrowdStrike Scattered Spider Profile) (Citation: MSTIC Octo Tempest Operations October 2023) The group initially…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Shai-Hulud relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Silent Lynx relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Slow Pisces relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[TA505](https://attack.mitre.org/groups/G0092) is a cyber criminal group that has been active since at least 2014. [TA505](https://attack.mitre.org/groups/G0092) is known for frequently changing malware, driving global trends in criminal malware distribution,…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (74)
-
Havoc - S1229 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
MISTPEN usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
StrelaStealer usesFamily The MITRE Corporation Confidence 100
[StrelaStealer](https://attack.mitre.org/software/S1183) is an information stealer malware variant first identified in November 2022 and active through late 2024. [StrelaStealer](https://attack.mitre.org/software/S1183) focuses on the automated identification, collection, and exfiltration of email…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Stealc usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Stellar loader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Spark stealer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Tiflux usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
fkkkf usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SocGholish - S1124 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Meduza Stealer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Sliver usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
AlienVault Confidence 100 23 MITREs 3 Malwares 7 IOCs 1 Observable
-
Miasma Worm Returns to npm relatedAlienVault Confidence 100 18 MITREs 1 Malware 5 IOCs 5 Observables
-
AlienVault Confidence 100 21 MITREs 2 Malwares
-
AlienVault Confidence 100 13 CVEs 20 MITREs 4 Malwares 6 IOCs 5 Observables 1 APT
-
AlienVault Confidence 100 13 MITREs 4 IOCs 2 Observables
-
AlienVault Confidence 100 20 MITREs 1 Malware 8 IOCs 5 Observables
-
AlienVault Confidence 100 20 MITREs 3 Malwares 17 IOCs 14 Observables 1 APT
-
AlienVault Confidence 100 1 CVE 19 MITREs 2 Malwares 4 IOCs 2 Observables
-
AlienVault Confidence 100 2 CVEs 20 MITREs 2 IOCs 2 Observables
-
AlienVault Confidence 100 3 CVEs 19 MITREs 9 IOCs 8 Observables
-
AlienVault Confidence 100 24 MITREs 4 Malwares 9 IOCs 9 Observables
-
AlienVault Confidence 100 19 MITREs 3 Malwares 11 IOCs 5 Observables
Vulnerabilities (CVE) (77)
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 27/10/2017
- Modified
- 22/04/2026
Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted …
- Attack vector
- NETWORK
- Published
- 26/06/2023
- Modified
- 21/12/2025
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 09/06/2026
- Modified
- 24/06/2026
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked …
- Attack vector
- NETWORK
- Published
- 24/07/2025
- Modified
- 13/07/2026
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without …
- Attack vector
- Network
- Published
- 02/02/2026
- Modified
- 19/02/2026
Tool (3)
-
LaZagne usesThe MITRE Corporation Confidence 100
[LaZagne](https://attack.mitre.org/software/S0349) is a post-exploitation, open-source tool used to recover stored passwords on a system. It has modules for Windows, Linux, and OSX, but is mainly focused on Windows…
-
AADInternals usesThe MITRE Corporation Confidence 100
[AADInternals](https://attack.mitre.org/software/S0677) is a PowerShell-based framework for administering, enumerating, and exploiting Azure Active Directory. The tool is publicly available on GitHub.(Citation: AADInternals Github)(Citation: AADInternals Documentation)
-
Empire usesThe MITRE Corporation Confidence 100
[Empire](https://attack.mitre.org/software/S0363) is an open-source, cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python, the post-exploitation agents…