Skip to content

Y-Security

S0179 MimiPenguin

S0179 MimiPenguin

MimiPenguin is a credential dumper, similar to Mimikatz, designed specifically for Linux platforms. ¹

Item	Value
ID	S0179
Associated Names
Type	TOOL
Version	1.2
Created	16 January 2018
Last Modified	15 October 2021
Navigation Layer	View In ATT&CK® Navigator

Techniques Used

Domain	ID	Name	Use
enterprise	T1003	OS Credential Dumping	-
enterprise	T1003.007	Proc Filesystem	MimiPenguin can use the `<PID>/maps` and `<PID>/mem` file to search for regex patterns and dump the process memory.¹²

Groups That Use This Software

ID	Name	References
G0139	TeamTNT	³

References

Gregal, H. (2017, May 12). MimiPenguin. Retrieved December 5, 2017. ↩↩
Huseyin Can YUCEEL & Picus Labs. (2022, March 22). Retrieved March 31, 2023. ↩
Quist, N. (2020, October 5). Black-T: New Cryptojacking Variant from TeamTNT. Retrieved September 22, 2021. ↩