Home
ATT&CK Techniques
T1552 Unsecured Credentials

T1552 Unsecured Credentials Mappings

Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. Bash History), operating system or application-specific repositories (e.g. Credentials in Registry), or other specialized files/artifacts (e.g. Private Keys).

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
AC-16	Security and Privacy Attributes	Protects	T1552	Unsecured Credentials
AC-17	Remote Access	Protects	T1552	Unsecured Credentials
AC-18	Wireless Access	Protects	T1552	Unsecured Credentials
AC-19	Access Control for Mobile Devices	Protects	T1552	Unsecured Credentials
AC-02	Account Management	Protects	T1552	Unsecured Credentials
AC-20	Use of External Systems	Protects	T1552	Unsecured Credentials
AC-03	Access Enforcement	Protects	T1552	Unsecured Credentials
AC-04	Information Flow Enforcement	Protects	T1552	Unsecured Credentials
AC-05	Separation of Duties	Protects	T1552	Unsecured Credentials
AC-06	Least Privilege	Protects	T1552	Unsecured Credentials
CA-07	Continuous Monitoring	Protects	T1552	Unsecured Credentials
CA-08	Penetration Testing	Protects	T1552	Unsecured Credentials
CM-02	Baseline Configuration	Protects	T1552	Unsecured Credentials
CM-05	Access Restrictions for Change	Protects	T1552	Unsecured Credentials
CM-06	Configuration Settings	Protects	T1552	Unsecured Credentials
CM-07	Least Functionality	Protects	T1552	Unsecured Credentials
IA-02	Identification and Authentication (organizational Users)	Protects	T1552	Unsecured Credentials
IA-03	Device Identification and Authentication	Protects	T1552	Unsecured Credentials
IA-04	Identifier Management	Protects	T1552	Unsecured Credentials
IA-05	Authenticator Management	Protects	T1552	Unsecured Credentials
RA-05	Vulnerability Monitoring and Scanning	Protects	T1552	Unsecured Credentials
SA-11	Developer Testing and Evaluation	Protects	T1552	Unsecured Credentials
SA-15	Development Process, Standards, and Tools	Protects	T1552	Unsecured Credentials
SC-12	Cryptographic Key Establishment and Management	Protects	T1552	Unsecured Credentials
SC-28	Protection of Information at Rest	Protects	T1552	Unsecured Credentials
SC-04	Information in Shared System Resources	Protects	T1552	Unsecured Credentials
SC-07	Boundary Protection	Protects	T1552	Unsecured Credentials
SI-10	Information Input Validation	Protects	T1552	Unsecured Credentials
SI-12	Information Management and Retention	Protects	T1552	Unsecured Credentials
SI-15	Information Output Filtering	Protects	T1552	Unsecured Credentials
SI-02	Flaw Remediation	Protects	T1552	Unsecured Credentials
SI-04	System Monitoring	Protects	T1552	Unsecured Credentials
SI-07	Software, Firmware, and Information Integrity	Protects	T1552	Unsecured Credentials
PUR-IP-E5	Information Protection	Technique Scores	T1552	Unsecured Credentials
PUR-AS-E5	Audit Solutions	Technique Scores	T1552	Unsecured Credentials
DEF-IR-E5	Incident Response	Technique Scores	T1552	Unsecured Credentials
DO365-ATH-E5	Advanced Threat Hunting	Technique Scores	T1552	Unsecured Credentials

ATT&CK Subtechniques

Technique ID	Technique Name	Number of Mappings
T1552.005	Cloud Instance Metadata API	14
T1552.002	Credentials in Registry	18
T1552.004	Private Keys	23
T1552.003	Bash History	4
T1552.001	Credentials In Files	18
T1552.006	Group Policy Preferences	13
T1552.008	Chat Messages	5
T1552.007	Container API	14