EXPLORE
Sign In
← Back to Explore
T1110.004

Credential Stuffing

Adversaries may use credentials obtained from breach dumps of unrelated accounts to gain access to target accounts through credential overlap. Occasionally, large numbers of username and password pairs are dumped online when a website or service is compromised and the user account credentials accessed. The information may be useful to an adversary attempting to compromise accounts by taking advantage of the tendency for users to use the same passwords across personal and business accounts. Cred...

WindowsSaaSIaaSLinuxmacOSContainersNetwork DevicesOffice SuiteIdentity ProviderESXi
21
Detections
2
Sources
1
Threat Actors

BY SOURCE

12splunk_escu9elastic

PROCEDURES (11)

Credential4 detections

Auto-extracted: 4 detections for credential

Authentication Monitoring2 detections

Auto-extracted: 2 detections for authentication monitoring

Brute Force2 detections

Auto-extracted: 2 detections for brute force

Azure2 detections

Auto-extracted: 2 detections for azure

Unusual2 detections

Auto-extracted: 2 detections for unusual

Aws2 detections

Auto-extracted: 2 detections for aws

Lateral2 detections

Auto-extracted: 2 detections for lateral

Credential2 detections

Auto-extracted: 2 detections for credential

Credential1 detections

Auto-extracted: 1 detections for credential

Brute Force1 detections

Auto-extracted: 1 detections for brute force

Cloud1 detections

Auto-extracted: 1 detections for cloud

THREAT ACTORS (1)

Chimera

DETECTIONS (21)

AWS High Number Of Failed Authentications From Ip
splunk_escu
AWS Multiple Users Failing To Authenticate From Ip
splunk_escu
AWS Unusual Number of Failed Authentications From Ip
splunk_escu
Azure AD Multi-Source Failed Authentications Spike
splunk_escu
Azure AD Multiple Users Failing To Authenticate From Ip
splunk_escu
Azure AD Unusual Number of Failed Authentications From Ip
splunk_escu
CrushFTP Max Simultaneous Users From IP
splunk_escu
Entra ID Excessive Account Lockouts Detected
elastichigh
Entra ID Sign-in Brute Force Attempted (Microsoft 365)
elasticmedium
Entra ID User Sign-in Brute Force Attempted
elasticmedium
GCP Multiple Users Failing To Authenticate From Ip
splunk_escu
GCP Unusual Number of Failed Authentications From Ip
splunk_escu
M365 Identity User Account Lockouts
elasticmedium
M365 Identity User Brute Force Attempted
elasticmedium
Multiple Okta User Auth Events with Same Device Token Hash Behind a Proxy
elasticmedium
Multiple Okta User Authentication Events with Same Device Token Hash
elasticlow
O365 Multi-Source Failed Authentications Spike
splunk_escu
O365 Multiple Users Failing To Authenticate From Ip
splunk_escu
Okta Successful Login After Credential Attack
elastichigh
Potential Okta Credential Stuffing (Single Source)
elasticmedium
Windows Local Administrator Credential Stuffing
splunk_escu