S0006 pwdump
pwdump is a credential dumper.[1]
| Item | Value | 
|---|---|
| ID | S0006 | 
| Associated Names | |
| Type | TOOL | 
| Version | 1.1 | 
| Created | 31 May 2017 | 
| Last Modified | 13 August 2020 | 
Techniques Used
| Domain | ID | Name | Use | 
|---|---|---|---|
| enterprise | T1003 | OS Credential Dumping | - | 
| enterprise | T1003.002 | Security Account Manager | pwdump can be used to dump credentials from the SAM.[1] | 
Groups That Use This Software
| ID | Name | References | 
|---|---|---|
| G0096 | APT41 | [2] | 
| G0053 | FIN5 | [3] | 
| G0087 | APT39 | [4] | 
| G0027 | Threat Group-3390 | [5] | 
| G0006 | APT1 | [6] | 
| G0045 | menuPass | [7] | 
References
1. Wikipedia. (2007, August 9). pwdump. Retrieved June 22, 2016.
2. Fraser, N., et al. (2019, August 7). Double Dragon: APT41, a dual espionage and cyber crime operation. Retrieved September 23, 2019.
3. Bromiley, M. and Lewis, P. (2016, October 7). Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years. Retrieved October 6, 2017.
4. Symantec. (2018, February 28). Chafer: Latest Attacks Reveal Heightened Ambitions. Retrieved May 22, 2020.
5. Falcone, R. and Lancaster, T. (2019, May 28). Emissary Panda Attacks Middle East Government Sharepoint Servers. Retrieved July 9, 2019.
6. Mandiant. (n.d.). APT1: Exposing One of China's Cyber Espionage Units. Retrieved July 18, 2016.
7. PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.