T1552 Unsecured Credentials Mappings

Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. Bash History), operating system or application-specific repositories (e.g. Credentials in Registry), or other specialized files/artifacts (e.g. Private Keys).

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-16 Security and Privacy Attributes Protects T1552 Unsecured Credentials
AC-17 Remote Access Protects T1552 Unsecured Credentials
AC-18 Wireless Access Protects T1552 Unsecured Credentials
AC-19 Access Control for Mobile Devices Protects T1552 Unsecured Credentials
AC-2 Account Management Protects T1552 Unsecured Credentials
AC-20 Use of External Systems Protects T1552 Unsecured Credentials
AC-3 Access Enforcement Protects T1552 Unsecured Credentials
AC-4 Information Flow Enforcement Protects T1552 Unsecured Credentials
AC-5 Separation of Duties Protects T1552 Unsecured Credentials
AC-6 Least Privilege Protects T1552 Unsecured Credentials
CA-7 Continuous Monitoring Protects T1552 Unsecured Credentials
CA-8 Penetration Testing Protects T1552 Unsecured Credentials
CM-2 Baseline Configuration Protects T1552 Unsecured Credentials
CM-5 Access Restrictions for Change Protects T1552 Unsecured Credentials
CM-6 Configuration Settings Protects T1552 Unsecured Credentials
CM-7 Least Functionality Protects T1552 Unsecured Credentials
IA-2 Identification and Authentication (organizational Users) Protects T1552 Unsecured Credentials
IA-3 Device Identification and Authentication Protects T1552 Unsecured Credentials
IA-4 Identifier Management Protects T1552 Unsecured Credentials
IA-5 Authenticator Management Protects T1552 Unsecured Credentials
RA-5 Vulnerability Monitoring and Scanning Protects T1552 Unsecured Credentials
SA-11 Developer Testing and Evaluation Protects T1552 Unsecured Credentials
SA-15 Development Process, Standards, and Tools Protects T1552 Unsecured Credentials
SC-12 Cryptographic Key Establishment and Management Protects T1552 Unsecured Credentials
SC-28 Protection of Information at Rest Protects T1552 Unsecured Credentials
SC-4 Information in Shared System Resources Protects T1552 Unsecured Credentials
SC-7 Boundary Protection Protects T1552 Unsecured Credentials
SI-10 Information Input Validation Protects T1552 Unsecured Credentials
SI-12 Information Management and Retention Protects T1552 Unsecured Credentials
SI-15 Information Output Filtering Protects T1552 Unsecured Credentials
SI-2 Flaw Remediation Protects T1552 Unsecured Credentials
SI-4 System Monitoring Protects T1552 Unsecured Credentials
SI-7 Software, Firmware, and Information Integrity Protects T1552 Unsecured Credentials

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1552.003 Bash History 4
T1552.005 Cloud Instance Metadata API 13
T1552.007 Container API 14
T1552.001 Credentials In Files 18
T1552.002 Credentials in Registry 18
T1552.006 Group Policy Preferences 13
T1552.004 Private Keys 22