Credential API Hooking (T1056.004)

Adversaries may hook into Windows application programming interface (API) functions to collect user credentials.

Tactics
TA0006 TA0009

Sub-technique of
T1056

---

See: MITRE ATT&CK