Esc

Private Keys - T1552.004

(ATT&CK® Technique)

Definition

Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials. Private cryptographic keys and certificates are used for authentication, encryption/decryption, and digital signatures. Common key and certificate file extensions include: .key, .pgp, .gpg, .ppk., .p12, .pem, .pfx, .cer, .p7b, .asc.

D3FEND Inferred Relationships

Browse the D3FEND knowledge graph by clicking on the nodes below.

        graph LR;

     T1552004["Private Keys"] --> |accesses| PrivateKey["Private Key"]; class T1552004 OffensiveTechniqueNode;
        class PrivateKey ArtifactNode; click PrivateKey href "/dao/artifact/d3f:PrivateKey";
        click T1552004 href "/offensive-technique/attack/T1552.004/"; click PrivateKey href "/dao/artifact/d3f:PrivateKey";     T1552004["Private Keys"] --> |accesses| Credential["Credential"]; class T1552004 OffensiveTechniqueNode;
        class Credential ArtifactNode; click Credential href "/dao/artifact/d3f:Credential";
        click T1552004 href "/offensive-technique/attack/T1552.004/"; click Credential href "/dao/artifact/d3f:Credential";         DecoyUserCredential["Decoy User Credential"] -->
          | spoofs | Credential["Credential"];

          DecoyUserCredential["Decoy User Credential"] -.->
            | may-deceive | T1552004["Private Keys"] ;
          class DecoyUserCredential DefensiveTechniqueNode;
          class Credential ArtifactNode;
          click DecoyUserCredential href "/technique/d3f:DecoyUserCredential"; CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] -->
          | analyzes | Credential["Credential"];

          CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] -.->
            | may-detect | T1552004["Private Keys"] ;
          class CredentialCompromiseScopeAnalysis DefensiveTechniqueNode;
          class Credential ArtifactNode;
          click CredentialCompromiseScopeAnalysis href "/technique/d3f:CredentialCompromiseScopeAnalysis"; AuthenticationCacheInvalidation["Authentication Cache Invalidation"] -->
          | deletes | Credential["Credential"];

          AuthenticationCacheInvalidation["Authentication Cache Invalidation"] -.->
            | may-evict | T1552004["Private Keys"] ;
          class AuthenticationCacheInvalidation DefensiveTechniqueNode;
          class Credential ArtifactNode;
          click AuthenticationCacheInvalidation href "/technique/d3f:AuthenticationCacheInvalidation"; CredentialRevocation["Credential Revocation"] -->
          | deletes | Credential["Credential"];

          CredentialRevocation["Credential Revocation"] -.->
            | may-evict | T1552004["Private Keys"] ;
          class CredentialRevocation DefensiveTechniqueNode;
          class Credential ArtifactNode;
          click CredentialRevocation href "/technique/d3f:CredentialRevocation"; CredentialRotation["Credential Rotation"] -->
          | regenerates | Credential["Credential"];

          CredentialRotation["Credential Rotation"] -.->
            | may-harden | T1552004["Private Keys"] ;
          class CredentialRotation DefensiveTechniqueNode;
          class Credential ArtifactNode;
          click CredentialRotation href "/technique/d3f:CredentialRotation"; Multi-factorAuthentication["Multi-factor Authentication"] -->
          | uses | Credential["Credential"];

          Multi-factorAuthentication["Multi-factor Authentication"] -.->
            | may-harden | T1552004["Private Keys"] ;
          class Multi-factorAuthentication DefensiveTechniqueNode;
          class Credential ArtifactNode;
          click Multi-factorAuthentication href "/technique/d3f:Multi-factorAuthentication"; CredentialTransmissionScoping["Credential Transmission Scoping"] -->
          | isolates | Credential["Credential"];

          CredentialTransmissionScoping["Credential Transmission Scoping"] -.->
            | may-isolate | T1552004["Private Keys"] ;
          class CredentialTransmissionScoping DefensiveTechniqueNode;
          class Credential ArtifactNode;
          click CredentialTransmissionScoping href "/technique/d3f:CredentialTransmissionScoping"; ReissueCredential["Reissue Credential"] -->
          | restores | Credential["Credential"];

          ReissueCredential["Reissue Credential"] -.->
            | may-restore | T1552004["Private Keys"] ;
          class ReissueCredential DefensiveTechniqueNode;
          class Credential ArtifactNode;
          click ReissueCredential href "/technique/d3f:ReissueCredential"; CredentialHardening["Credential Hardening"] -->
          | hardens | Credential["Credential"];

          CredentialHardening["Credential Hardening"] -.->
            | may-harden | T1552004["Private Keys"] ;
          class CredentialHardening DefensiveTechniqueNode;
          class Credential ArtifactNode;
          click CredentialHardening href "/technique/d3f:CredentialHardening";

json