S0005 Windows Credential Editor

Windows Credential Editor is a password dumping tool. [1]

| Item | Value |
| --- | --- |
| ID | S0005 |
| Associated Names | |
| Type | TOOL |
| Version | 1.1 |
| Created | 31 May 2017 |
| Last Modified | 30 March 2020 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| enterprise | T1003 | OS Credential Dumping | - |
| enterprise | T1003.001 | LSASS Memory | Windows Credential Editor can dump credentials. [1] |

Groups That Use This Software

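| ID | Name | References |
| --- | --- | --- |
| G0093 | GALLIUM | [2] |
| G0060 | BRONZE BUTLER | [3] [4] |
| G0037 | FIN6 | [5] |
| G0053 | FIN5 | [6] [7] |
| G0027 | Threat Group-3390 | [8] |
| G0065 | Leviathan | [9] |
| G0087 | APT39 | [10] [11] |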

References
