Mimikatz
Associated Software Descriptions |
|
| Name | Description |
|---|---|
Groups That Use This Software |
||
| ID | Name | References |
|---|---|---|
| G0050 | APT32 |
(Citation: FireEye APT32 May 2017) (Citation: Cybereason Oceanlotus May 2017) (Citation: Cybereason Cobalt Kitty 2017) |
| G0016 | APT29 |
(Citation: F-Secure The Dukes) (Citation: Microsoft 365 Defender Solorigate) (Citation: CrowdStrike StellarParticle January 2022) |
| G1006 | Earth Lusca |
(Citation: TrendMicro EarthLusca 2022) |
| G0046 | FIN7 |
(Citation: CrowdStrike Carbon Spider August 2021) |
| G0079 | DarkHydrus |
(Citation: Unit 42 DarkHydrus July 2018) (Citation: Unit 42 Playbook Dec 2017) |
| G0118 | UNC2452 |
(Citation: Microsoft 365 Defender Solorigate) |
| G0092 | TA505 |
(Citation: NCC Group TA505) |
| G1030 | Agrius |
(Citation: Unit42 Agrius 2023) |
| G0060 | BRONZE BUTLER |
(Citation: Secureworks BRONZE BUTLER Oct 2017) (Citation: Symantec Tick Apr 2016) (Citation: Trend Micro Tick November 2019) |
| G0034 | Sandworm Team |
(Citation: Dragos Crashoverride 2018) |
| G0064 | APT33 |
(Citation: Symantec Elfin Mar 2019) |
| G1024 | Akira |
(Citation: Arctic Wolf Akira 2023) |
| G0131 | Tonto Team |
(Citation: Kaspersky CactusPete Aug 2020) |
| G0087 | APT39 |
(Citation: FireEye APT39 Jan 2019) (Citation: Dark Reading APT39 JAN 2019) (Citation: BitDefender Chafer May 2020) (Citation: Symantec Chafer February 2018) |
| G0108 | Blue Mockingbird |
(Citation: RedCanary Mockingbird May 2020) |
| G0080 | Cobalt Group |
(Citation: PTSecurity Cobalt Group Aug 2017) (Citation: PTSecurity Cobalt Dec 2016) (Citation: Group IB Cobalt Aug 2017) |
| G0027 | Threat Group-3390 |
(Citation: Talent-Jump Clambling February 2020) (Citation: SecureWorks BRONZE UNION June 2017) (Citation: Profero APT27 December 2020) (Citation: Trend Micro DRBControl February 2020) (Citation: Nccgroup Emissary Panda May 2018) |
| G0004 | Ke3chang |
(Citation: NCC Group APT15 Alive and Strong) (Citation: Microsoft NICKEL December 2021) |
| G0045 | menuPass |
(Citation: PWC Cloud Hopper Technical Annex April 2017) |
| G1023 | APT5 |
(Citation: Mandiant Pulse Secure Update May 2021) |
| G0088 | TEMP.Veles |
(Citation: FireEye TRITON 2019) |
| G0007 | APT28 |
(Citation: Kaspersky Sofacy) |
| G0006 | APT1 |
(Citation: Mandiant APT1) |
| G1016 | FIN13 |
(Citation: Mandiant FIN13 Aug 2022) |
| G0059 | Magic Hound |
(Citation: FireEye APT35 2018) |
| G0086 | Stolen Pencil |
(Citation: Netscout Stolen Pencil Dec 2018) |
| G1015 | Scattered Spider |
(Citation: CISA Scattered Spider Advisory November 2023) (Citation: MSTIC Octo Tempest Operations October 2023) |
| G0076 | Thrip |
(Citation: Symantec Thrip June 2018) |
| G0116 | Operation Wocao |
(Citation: FoxIT Wocao December 2019) |
| G1004 | LAPSUS$ |
(Citation: MSTIC DEV-0537 Mar 2022) |
| G1017 | Volt Typhoon |
(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024) (Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023) |
| G0135 | BackdoorDiplomacy |
(Citation: ESET BackdoorDiplomacy Jun 2021) |
| G0119 | Indrik Spider |
(Citation: Crowdstrike Indrik November 2018) (Citation: Mandiant_UNC2165) |
| G0093 | GALLIUM |
(Citation: Cybereason Soft Cell June 2019) (Citation: Microsoft GALLIUM December 2019) |
| G0069 | MuddyWater |
(Citation: Unit 42 MuddyWater Nov 2017) (Citation: TrendMicro POWERSTATS V3 June 2019) |
| G0077 | Leafminer |
(Citation: Symantec Leafminer July 2018) |
| G0096 | APT41 |
(Citation: FireEye APT41 Aug 2019) (Citation: Group IB APT 41 June 2021) |
| G0032 | Lazarus Group |
(Citation: Lazarus KillDisk) |
| G0003 | Cleaver |
(Citation: Cylance Cleaver) |
| G0082 | APT38 |
(Citation: FireEye APT38 Oct 2018) |
| G0010 | Turla |
(Citation: ESET Turla Mosquito May 2018) (Citation: Symantec Waterbug Jun 2019) |
| G0114 | Chimera |
(Citation: Cycraft Chimera April 2020) (Citation: NCC Group Chimera January 2021) |
| G0102 | Wizard Spider |
(Citation: FireEye KEGTAP SINGLEMALT October 2020) (Citation: DHS/CISA Ransomware Targeting Healthcare October 2020) |
| G0008 | Carbanak |
(Citation: Kaspersky Carbanak) |
| G0011 | PittyTiger |
(Citation: Bizeul 2014) |
| G1001 | HEXANE |
(Citation: Kaspersky Lyceum October 2021) |
| G0035 | Dragonfly |
(Citation: Secureworks IRON LIBERTY July 2019) |
| G0049 | OilRig |
(Citation: FireEye APT34 Webinar Dec 2017) (Citation: FireEye APT35 2018) (Citation: Symantec Crambus OCT 2023) (Citation: Unit42 OilRig Playbook 2023) |
| G0094 | Kimsuky |
(Citation: Netscout Stolen Pencil Dec 2018) (Citation: KISA Operation Muzabi) (Citation: Mandiant APT43 March 2024) |
| G1040 | Play |
(Citation: Trend Micro Ransomware Spotlight Play July 2023) |
| G0037 | FIN6 |
(Citation: Security Intelligence More Eggs Aug 2019) |
| G0107 | Whitefly |
(Citation: Symantec Whitefly March 2019) |
| G1043 | BlackByte |
(Citation: Microsoft BlackByte 2023) |
References
- Strategic Cyber LLC. (2020, November 5). Cobalt Strike: Advanced Threat Tactics for Penetration Testers. Retrieved April 13, 2021.
- Carr, N.. (2017, May 14). Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations. Retrieved June 18, 2017.
- Deply, B., Le Toux, V.. (2016, June 5). module ~ kerberos. Retrieved March 17, 2020.
- Delpy, B. (2017, December 12). howto ~ credential manager saved credentials. Retrieved November 23, 2020.
- Dahan, A. (2017, May 24). OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP. Retrieved November 5, 2018.
- Dahan, A. (2017). Operation Cobalt Kitty. Retrieved December 27, 2018.
- Grafnetter, M. (2015, October 26). Retrieving DPAPI Backup Keys from Active Directory. Retrieved December 19, 2017.
- Deply, B. (n.d.). Mimikatz. Retrieved September 29, 2015.
- Metcalf, S. (2015, August 7). Kerberos Golden Tickets are Now More Golden. Retrieved December 1, 2017.
- Metcalf, S. (2015, November 13). Unofficial Guide to Mimikatz & Command Reference. Retrieved December 23, 2015.
- Deply, B., Le Toux, V. (2016, June 5). module ~ lsadump. Retrieved August 7, 2017.
- The Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), CERT New Zealand, the UK National Cyber Security Centre (UK NCSC) and the US National Cybersecurity and Communications Integration Center (NCCIC). (2018, October 11). Joint report on publicly available hacking tools. Retrieved March 11, 2019.
- Schroeder, W. (2015, September 22). Mimikatz and DCSync and ExtraSids, Oh My. Retrieved December 4, 2017.
- Metcalf, S. (2015, January 19). Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest. Retrieved February 3, 2015.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.