
Steal browser credentials

Open Ana06 opened this issue 3 years ago • 0 comments

Write rules to detect the ability to capture or mine credentials stored, cached, or used by the browser (Chrome, Opera, Firefox, Internet Explorer).

Possible test samples

Publicly available samples that may contain the capability this rule should detect (MD5 hashes):

  • 7beb638507574423893e89883bcb1161
  • 1b8ee96f844c4633feb3f3bcdd43aa9c
  • fae0fc8ee982b5998ae9d939777241fb

References

Links or references to additional information on the capability (can also be included in the rule):

  • https://attack.mitre.org/techniques/T1555

Namespace

Proposed namespace: collection/browser. More details in https://github.com/fireeye/capa-rules/blob/master/doc/format.md#rule-namespace

att&ck

aka.mitre.att&ck.t1555.003

Additional information

Related rule: collection/browser/gather-firefox-profile-information.yml

Related issue: https://github.com/fireeye/capa-rules/issues/322

Ana06, Apr 19 '21 15:04