Home/ MITRE Matrix/ Credential Access/ T1110.004

T1110.004Credential Stuffing

T1110.004 — Credential Stuffing is a MITRE ATT&CK technique in the Credential Access tactic. Clankerusecase tracks 17 detection use cases covering it and 1 threat-intel article citing it.

Credential Access

View on the matrix → Filter Detection Library MITRE official spec ↗

17Use cases

1Articles

0Sub-techniques

1Tactic

↑ Parent technique: T1110 · Brute Force

Use cases covering this technique (17)

Auth0 login with known-breached password Internal delivery · alerting DD Auth0 credential-stuffing attack Internal delivery · alerting DD Credential-stuffing attack on application Internal delivery · alerting DD AWS High Number Of Failed Authentications From Ip ESCU actions · hunting P AWS Multiple Users Failing To Authenticate From Ip ESCU actions · hunting P AWS Unusual Number of Failed Authentications From Ip ESCU actions · hunting P Azure AD Multi-Source Failed Authentications Spike ESCU actions · hunting P Azure AD Multiple Users Failing To Authenticate From Ip ESCU actions · hunting P Azure AD Unusual Number of Failed Authentications From Ip ESCU actions · hunting P GCP Multiple Users Failing To Authenticate From Ip ESCU actions · hunting P GCP Unusual Number of Failed Authentications From Ip ESCU actions · hunting P O365 Multi-Source Failed Authentications Spike ESCU actions · hunting P O365 Multiple Users Failing To Authenticate From Ip ESCU actions · alerting P Windows Local Administrator Credential Stuffing ESCU actions · alerting P CrushFTP Max Simultaneous Users From IP ESCU actions · hunting P Okta ThreatInsight Login Failure with High Unknown users ESCU actions · alerting P [LLM] FortiGate SSL-VPN / admin credential brute-force or spray from single source Bespoke delivery · alerting DSPDD

Articles citing this technique (1)

high AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS. art-51