Registry Export of Third-Party Credentials (cc1abf27-78a3-4ac5-a51c-f3070b1d8e40)

Detects the use of reg.exe to export registry paths associated with third-party credentials. Credential stealers have been known to use this technique to extract sensitive information from the registry.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Registry Export of Third-Party Credentials (cc1abf27-78a3-4ac5-a51c-f3070b1d8e40) | Sigma-Rules | Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) | Attack Pattern | 1 |
| Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) | Attack Pattern | Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) | Attack Pattern | 2 |