Skip to content

S0179 MimiPenguin

MimiPenguin is a credential dumper, similar to Mimikatz, designed specifically for Linux platforms. 1

Item Value
ID S0179
Associated Names
Version 1.2
Created 16 January 2018
Last Modified 15 October 2021
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1003 OS Credential Dumping -
enterprise T1003.007 Proc Filesystem MimiPenguin can use the <PID>/maps and <PID>/mem file to search for regex patterns and dump the process memory.12

Groups That Use This Software

ID Name References
G0139 TeamTNT 3