Searching for Passwords in Files
Adversaries may search local file systems and remote file shares for files containing passwords.
| id: | 62b7273b-67b2-4698-95b5-f6fafabc3390 |
|---|---|
| categories: | detect |
| confidence: | low |
| os: | windows |
| created: | 7/26/2019 |
| updated: | 7/26/2019 |
MITRE ATT&CK™ Mapping
| tactics: | Credential Access |
|---|---|
| techniques: | T1081 Credentials in Files |
Query
process where subtype.create and
process_name == "findstr.exe" and command_line == "*password*"
| unique parent_process_name, command_line
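
The query's logic replayed over constructed process events, as an added Python example that is not part of the original analytic. The sample events and function names are assumptions, as is the case-insensitive wildcard comparison, which is meant to mirror how EQL compares strings.

```python
from fnmatch import fnmatchcase

# Constructed sample events (not real telemetry); field names follow the query.
SAMPLE_EVENTS = [
    {"event_type": "process", "subtype": "create", "process_name": "findstr.exe",
     "parent_process_name": "cmd.exe",
     "command_line": "findstr /si password *.xml *.ini *.txt"},
    # Exact repeat of the first event: collapsed by the unique stage.
    {"event_type": "process", "subtype": "create", "process_name": "findstr.exe",
     "parent_process_name": "cmd.exe",
     "command_line": "findstr /si password *.xml *.ini *.txt"},
    # Different case: still matches under case-insensitive comparison.
    {"event_type": "process", "subtype": "create", "process_name": "FINDSTR.EXE",
     "parent_process_name": "powershell.exe",
     "command_line": 'FINDSTR.EXE /S /I "PASSWORD" *.config'},
    # findstr without the keyword: no match.
    {"event_type": "process", "subtype": "create", "process_name": "findstr.exe",
     "parent_process_name": "cmd.exe", "command_line": "findstr /i error app.log"},
    # Keyword present but a different process: no match.
    {"event_type": "process", "subtype": "create", "process_name": "notepad.exe",
     "parent_process_name": "explorer.exe", "command_line": "notepad.exe passwords.txt"},
    # Process termination, not creation: no match.
    {"event_type": "process", "subtype": "terminate", "process_name": "findstr.exe",
     "parent_process_name": "cmd.exe", "command_line": "findstr password notes.txt"},
]

def wildcard_eq(value, pattern):
    """'*' wildcard equality, case-insensitive (assumed to mirror EQL strings)."""
    return fnmatchcase((value or "").lower(), pattern.lower())

def find_password_searches(events):
    """Filter as the query does, then keep the first event per unique key."""
    seen, hits = set(), []
    for event in events:
        if event.get("event_type") != "process" or event.get("subtype") != "create":
            continue
        if not wildcard_eq(event.get("process_name"), "findstr.exe"):
            continue
        if not wildcard_eq(event.get("command_line"), "*password*"):
            continue
        key = (event.get("parent_process_name"), event.get("command_line"))
        if key not in seen:
            seen.add(key)
            hits.append(event)
    return hits

if __name__ == "__main__":
    for hit in find_password_searches(SAMPLE_EVENTS):
        print(hit["parent_process_name"], "|", hit["command_line"])
```

The `unique` stage is what keeps a scripted loop of identical `findstr` invocations from flooding the result set: one row survives per distinct parent process and command line.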