Skip to content


HOMEFRY is a 64-bit Windows password dumper/cracker that has previously been used in conjunction with other Leviathan backdoors. 1

Item Value
ID S0232
Associated Names
Version 1.1
Created 18 April 2018
Last Modified 30 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1059 Command and Scripting Interpreter -
enterprise T1059.003 Windows Command Shell HOMEFRY uses a command-line interface.1
enterprise T1027 Obfuscated Files or Information Some strings in HOMEFRY are obfuscated with XOR x56.1
enterprise T1003 OS Credential Dumping HOMEFRY can perform credential dumping.1

Groups That Use This Software

ID Name References
G0065 Leviathan 1


Back to top