DET0633 Detection of Credentials from Password Store

Item	Value
ID	DET0633
Version	1.0
Created	21 October 2025
Last Modified	21 October 2025

Technique Detected: T1634 (Credentials from Password Store)

Analytics

iOS

AN1705

Application vetting services may be able to detect known privilege escalation exploits contained within applications, as well as searching application packages for strings that correlate to known password store locations. Mobile security products can potentially detect jailbroken devices.

Log Sources

Data Component	Name	Channel
API Calls (DC0112)	Application Vetting	None
Host Status (DC0018)	Sensor Health	None

Mutable Elements

Field	Description