NPPSPY

The MITRE Corporation · Published 17/05/2024 20:49 · Modified 27/03/2026 01:07

Essential information

Confidence: 100/100
Published: 17/05/2024 20:49
Modified: 27/03/2026 01:07
Revoked: No
Author / Source: The MITRE Corporation
Related entities: 8 attack patterns (mitre)

Description

NPPSPY is an implementation of a theoretical mechanism first presented in 2004 for capturing credentials submitted to a Windows system via a rogue Network Provider API item. NPPSPY captures credentials following submission and writes them to a file on the victim system for follow-on exfiltration.(Citation: Huntress NPPSPY 2022)(Citation: Polak NPPSPY 2004)

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references