Searching for Passwords in Files
Adversaries may search local file systems and remote file shares for files containing passwords.
| id: | 62b7273b-67b2-4698-95b5-f6fafabc3390 |
|---|---|
| categories: | detect |
| confidence: | low |
| os: | windows |
| created: | 7/26/2019 |
| updated: | 7/26/2019 |
MITRE ATT&CK™ Mapping
| tactics: | Credential Access |
|---|---|
| techniques: | T1081 Credentials in Files |
Query
process where subtype.create and
process_name == "findstr.exe" and command_line == "*password*"
| unique parent_process_name, command_line
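
The query's filter and `unique` pipe, emulated in plain Python over constructed process events so you can see which events it reports. This is an added example, not code from the analytic's authors: the helper names, the `event_type` field, the sample events, and the case-insensitive wildcard comparison are assumptions.

```python
import re

# Constructed process events (not real telemetry), keyed by the query's field names.
def _ev(subtype, name, parent, cmd):
    return {"event_type": "process", "subtype": subtype, "process_name": name,
            "parent_process_name": parent, "command_line": cmd}

SAMPLE_EVENTS = [
    _ev("create", "findstr.exe", "cmd.exe", "findstr /si password *.xml *.ini *.txt"),
    _ev("create", "findstr.exe", "cmd.exe", "findstr /si password *.xml *.ini *.txt"),
    _ev("create", "findstr.exe", "powershell.exe",
        r'findstr.exe /s /i "PASSWORD" C:\inetpub\*.config'),
    _ev("create", "findstr.exe", "cmd.exe", "findstr /i error build.log"),
    _ev("create", "notepad.exe", "explorer.exe", "notepad.exe passwords.txt"),
    _ev("terminate", "findstr.exe", "cmd.exe", "findstr /si password *.xml *.ini *.txt"),
]

def wildcard_eq(value, pattern):
    """Compare like the query's ==: '*' matches any run of characters, case ignored (assumed)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value or "", re.IGNORECASE | re.DOTALL) is not None

def matches(event):
    """process where subtype.create and process_name == ... and command_line == ..."""
    return (event.get("event_type") == "process"
            and event.get("subtype") == "create"
            and wildcard_eq(event.get("process_name"), "findstr.exe")
            and wildcard_eq(event.get("command_line"), "*password*"))

def run_query(events):
    """Apply the filter, then the `unique parent_process_name, command_line` pipe."""
    seen, hits = set(), []
    for event in events:
        key = (event.get("parent_process_name"), event.get("command_line"))
        if matches(event) and key not in seen:
            seen.add(key)
            hits.append(event)
    return hits

if __name__ == "__main__":
    for hit in run_query(SAMPLE_EVENTS):
        print(hit["parent_process_name"], "->", hit["command_line"])
```

The `unique` pipe collapses the repeated `cmd.exe` search into one result, so the output is one row per distinct parent and command line rather than one row per execution.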