Esc
Password Managers - T1555.005
(ATT&CK® Technique)
Definition
Adversaries may acquire user credentials from third-party password managers. Password managers are applications designed to store user credentials, normally in an encrypted database. Credentials are typically accessible after a user provides a master password that unlocks the database. After the database is unlocked, these credentials may be copied to memory. These databases can be stored as files on disk.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR;
T1555005["Password Managers"] --> |may-access| DatabaseFile["Database File"]; class T1555005 OffensiveTechniqueNode;
class DatabaseFile ArtifactNode; click DatabaseFile href "/dao/artifact/d3f:DatabaseFile";
click T1555005 href "/offensive-technique/attack/T1555.005/"; click DatabaseFile href "/dao/artifact/d3f:DatabaseFile"; T1555005["Password Managers"] --> |accesses| PasswordStore["Password Store"]; class T1555005 OffensiveTechniqueNode;
class PasswordStore ArtifactNode; click PasswordStore href "/dao/artifact/d3f:PasswordStore";
click T1555005 href "/offensive-technique/attack/T1555.005/"; click PasswordStore href "/dao/artifact/d3f:PasswordStore";DecoyFile["Decoy File"] -->
| spoofs | DatabaseFile["Database File"];
DecoyFile["Decoy File"] -.->
| may-deceive | T1555005["Password Managers"] ;
class DecoyFile DefensiveTechniqueNode;
class DatabaseFile ArtifactNode;
click DecoyFile href "/technique/d3f:DecoyFile"; FileIntegrityMonitoring["File Integrity Monitoring"] -->
| analyzes | DatabaseFile["Database File"];
FileIntegrityMonitoring["File Integrity Monitoring"] -.->
| may-detect | T1555005["Password Managers"] ;
class FileIntegrityMonitoring DefensiveTechniqueNode;
class DatabaseFile ArtifactNode;
click FileIntegrityMonitoring href "/technique/d3f:FileIntegrityMonitoring"; FileEviction["File Eviction"] -->
| deletes | DatabaseFile["Database File"];
FileEviction["File Eviction"] -.->
| may-evict | T1555005["Password Managers"] ;
class FileEviction DefensiveTechniqueNode;
class DatabaseFile ArtifactNode;
click FileEviction href "/technique/d3f:FileEviction"; FileEncryption["File Encryption"] -->
| encrypts | DatabaseFile["Database File"];
FileEncryption["File Encryption"] -.->
| may-harden | T1555005["Password Managers"] ;
class FileEncryption DefensiveTechniqueNode;
class DatabaseFile ArtifactNode;
click FileEncryption href "/technique/d3f:FileEncryption"; LocalFilePermissions["Local File Permissions"] -->
| restricts | DatabaseFile["Database File"];
LocalFilePermissions["Local File Permissions"] -.->
| may-isolate | T1555005["Password Managers"] ;
class LocalFilePermissions DefensiveTechniqueNode;
class DatabaseFile ArtifactNode;
click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; RestoreFile["Restore File"] -->
| restores | DatabaseFile["Database File"];
RestoreFile["Restore File"] -.->
| may-restore | T1555005["Password Managers"] ;
class RestoreFile DefensiveTechniqueNode;
class DatabaseFile ArtifactNode;
click RestoreFile href "/technique/d3f:RestoreFile"; RestoreDatabase["Restore Database"] -->
| restores | PasswordStore["Password Store"];
RestoreDatabase["Restore Database"] -.->
| may-restore | T1555005["Password Managers"] ;
class RestoreDatabase DefensiveTechniqueNode;
class PasswordStore ArtifactNode;
click RestoreDatabase href "/technique/d3f:RestoreDatabase"; FileAnalysis["File Analysis"] -->
| analyzes | DatabaseFile["Database File"];
FileAnalysis["File Analysis"] -.->
| may-detect | T1555005["Password Managers"] ;
class FileAnalysis DefensiveTechniqueNode;
class DatabaseFile ArtifactNode;
click FileAnalysis href "/technique/d3f:FileAnalysis"; RemoteFileAccessMediation["Remote File Access Mediation"] -->
| isolates | DatabaseFile["Database File"];
RemoteFileAccessMediation["Remote File Access Mediation"] -.->
| may-isolate | T1555005["Password Managers"] ;
class RemoteFileAccessMediation DefensiveTechniqueNode;
class DatabaseFile ArtifactNode;
click RemoteFileAccessMediation href "/technique/d3f:RemoteFileAccessMediation";