Mimikatz

Mimikatz is a credential dumper capable of obtaining plaintext Windows account logins and passwords, along with many other features that make it useful for testing the security of networks. (Citation: Deply Mimikatz) (Citation: Adsecurity Mimikatz Guide)
ID: S0002
Associated Software:
Type: TOOL
Platforms: Windows
Version: 1.10
Created: 31 May 2017
Last Modified: 27 Nov 2024

Groups That Use This Software

ID | Name | References
G0050 | APT32 | (Citation: FireEye APT32 May 2017) (Citation: Cybereason Oceanlotus May 2017) (Citation: Cybereason Cobalt Kitty 2017)
G0016 | APT29 | (Citation: F-Secure The Dukes) (Citation: Microsoft 365 Defender Solorigate) (Citation: CrowdStrike StellarParticle January 2022)
G1006 | Earth Lusca | (Citation: TrendMicro EarthLusca 2022)
G0046 | FIN7 | (Citation: CrowdStrike Carbon Spider August 2021)
G0079 | DarkHydrus | (Citation: Unit 42 DarkHydrus July 2018) (Citation: Unit 42 Playbook Dec 2017)
G0118 | UNC2452 | (Citation: Microsoft 365 Defender Solorigate)
G0092 | TA505 | (Citation: NCC Group TA505)
G1030 | Agrius | (Citation: Unit42 Agrius 2023)
G0060 | BRONZE BUTLER | (Citation: Secureworks BRONZE BUTLER Oct 2017) (Citation: Symantec Tick Apr 2016) (Citation: Trend Micro Tick November 2019)
G0034 | Sandworm Team | (Citation: Dragos Crashoverride 2018)
G0064 | APT33 | (Citation: Symantec Elfin Mar 2019)
G1024 | Akira | (Citation: Arctic Wolf Akira 2023)
G0131 | Tonto Team | (Citation: Kaspersky CactusPete Aug 2020)
G0087 | APT39 | (Citation: FireEye APT39 Jan 2019) (Citation: Dark Reading APT39 JAN 2019) (Citation: BitDefender Chafer May 2020) (Citation: Symantec Chafer February 2018)
G0108 | Blue Mockingbird | (Citation: RedCanary Mockingbird May 2020)
G0080 | Cobalt Group | (Citation: PTSecurity Cobalt Group Aug 2017) (Citation: PTSecurity Cobalt Dec 2016) (Citation: Group IB Cobalt Aug 2017)
G0027 | Threat Group-3390 | (Citation: Talent-Jump Clambling February 2020) (Citation: SecureWorks BRONZE UNION June 2017) (Citation: Profero APT27 December 2020) (Citation: Trend Micro DRBControl February 2020) (Citation: Nccgroup Emissary Panda May 2018)
G0004 | Ke3chang | (Citation: NCC Group APT15 Alive and Strong) (Citation: Microsoft NICKEL December 2021)
G0045 | menuPass | (Citation: PWC Cloud Hopper Technical Annex April 2017)
G1023 | APT5 | (Citation: Mandiant Pulse Secure Update May 2021)
G0088 | TEMP.Veles | (Citation: FireEye TRITON 2019)
G0007 | APT28 | (Citation: Kaspersky Sofacy)
G0006 | APT1 | (Citation: Mandiant APT1)
G1016 | FIN13 | (Citation: Mandiant FIN13 Aug 2022)
G0059 | Magic Hound | (Citation: FireEye APT35 2018)
G0086 | Stolen Pencil | (Citation: Netscout Stolen Pencil Dec 2018)
G1015 | Scattered Spider | (Citation: CISA Scattered Spider Advisory November 2023) (Citation: MSTIC Octo Tempest Operations October 2023)
G0076 | Thrip | (Citation: Symantec Thrip June 2018)
G0116 | Operation Wocao | (Citation: FoxIT Wocao December 2019)
G1004 | LAPSUS$ | (Citation: MSTIC DEV-0537 Mar 2022)
G1017 | Volt Typhoon | (Citation: CISA AA24-038A PRC Critical Infrastructure February 2024) (Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023)
G0135 | BackdoorDiplomacy | (Citation: ESET BackdoorDiplomacy Jun 2021)
G0119 | Indrik Spider | (Citation: Crowdstrike Indrik November 2018) (Citation: Mandiant_UNC2165)
G0093 | GALLIUM | (Citation: Cybereason Soft Cell June 2019) (Citation: Microsoft GALLIUM December 2019)
G0069 | MuddyWater | (Citation: Unit 42 MuddyWater Nov 2017) (Citation: TrendMicro POWERSTATS V3 June 2019)
G0077 | Leafminer | (Citation: Symantec Leafminer July 2018)
G0096 | APT41 | (Citation: FireEye APT41 Aug 2019) (Citation: Group IB APT 41 June 2021)
G0032 | Lazarus Group | (Citation: Lazarus KillDisk)
G0003 | Cleaver | (Citation: Cylance Cleaver)
G0082 | APT38 | (Citation: FireEye APT38 Oct 2018)
G0010 | Turla | (Citation: ESET Turla Mosquito May 2018) (Citation: Symantec Waterbug Jun 2019)
G0114 | Chimera | (Citation: Cycraft Chimera April 2020) (Citation: NCC Group Chimera January 2021)
G0102 | Wizard Spider | (Citation: FireEye KEGTAP SINGLEMALT October 2020) (Citation: DHS/CISA Ransomware Targeting Healthcare October 2020)
G0008 | Carbanak | (Citation: Kaspersky Carbanak)
G0011 | PittyTiger | (Citation: Bizeul 2014)
G1001 | HEXANE | (Citation: Kaspersky Lyceum October 2021)
G0035 | Dragonfly | (Citation: Secureworks IRON LIBERTY July 2019)
G0049 | OilRig | (Citation: FireEye APT34 Webinar Dec 2017) (Citation: FireEye APT35 2018) (Citation: Symantec Crambus OCT 2023) (Citation: Unit42 OilRig Playbook 2023)
G0094 | Kimsuky | (Citation: Netscout Stolen Pencil Dec 2018) (Citation: KISA Operation Muzabi) (Citation: Mandiant APT43 March 2024)
G1040 | Play | (Citation: Trend Micro Ransomware Spotlight Play July 2023)
G0037 | FIN6 | (Citation: Security Intelligence More Eggs Aug 2019)
G0107 | Whitefly | (Citation: Symantec Whitefly March 2019)
G1043 | BlackByte | (Citation: Microsoft BlackByte 2023)

References

  1. Strategic Cyber LLC. (2020, November 5). Cobalt Strike: Advanced Threat Tactics for Penetration Testers. Retrieved April 13, 2021.
  2. Carr, N. (2017, May 14). Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations. Retrieved June 18, 2017.
  3. Delpy, B., Le Toux, V. (2016, June 5). module ~ kerberos. Retrieved March 17, 2020.
  4. Delpy, B. (2017, December 12). howto ~ credential manager saved credentials. Retrieved November 23, 2020.
  5. Dahan, A. (2017, May 24). OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP. Retrieved November 5, 2018.
  6. Dahan, A. (2017). Operation Cobalt Kitty. Retrieved December 27, 2018.
  7. Grafnetter, M. (2015, October 26). Retrieving DPAPI Backup Keys from Active Directory. Retrieved December 19, 2017.
  8. Delpy, B. (n.d.). Mimikatz. Retrieved September 29, 2015.
  9. Metcalf, S. (2015, August 7). Kerberos Golden Tickets are Now More Golden. Retrieved December 1, 2017.
  10. Metcalf, S. (2015, November 13). Unofficial Guide to Mimikatz & Command Reference. Retrieved December 23, 2015.
  11. Delpy, B., Le Toux, V. (2016, June 5). module ~ lsadump. Retrieved August 7, 2017.
  12. The Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), CERT New Zealand, the UK National Cyber Security Centre (UK NCSC) and the US National Cybersecurity and Communications Integration Center (NCCIC). (2018, October 11). Joint report on publicly available hacking tools. Retrieved March 11, 2019.
  13. Schroeder, W. (2015, September 22). Mimikatz and DCSync and ExtraSids, Oh My. Retrieved December 4, 2017.
  14. Metcalf, S. (2015, January 19). Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest. Retrieved February 3, 2015.