Suspicious File Access to Browser Credential Storage (a1dfd976-4852-41d4-9507-dc6590a3ccd0)

Detects file access to browser credential storage paths by non-browser processes, which may indicate credential access attempts. Adversaries may attempt to access browser credential storage to extract sensitive information such as usernames, passwords, or cookies. This behavior is commonly observed in credential-stealing malware.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Suspicious File Access to Browser Credential Storage (a1dfd976-4852-41d4-9507-dc6590a3ccd0) | Sigma-Rules | Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) | Attack Pattern | 1 |
| Suspicious File Access to Browser Credential Storage (a1dfd976-4852-41d4-9507-dc6590a3ccd0) | Sigma-Rules | Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | 1 |
| Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | 2 |