Primary Refresh Token Access Attempt (a84fc3b1-c9ce-4125-8e74-bdcdb24021f1)
Indicates access attempt to the PRT resource which can be used to move laterally into an organization or perform credential theft
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) | Attack Pattern | Primary Refresh Token Access Attempt (a84fc3b1-c9ce-4125-8e74-bdcdb24021f1) | Sigma-Rules | 1 |