Windows Credential Editor
Techniques Used |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1003 | .001 | OS Credential Dumping: LSASS Memory |
Windows Credential Editor can dump credentials.(Citation: Amplia WCE) |
Groups That Use This Software |
||
ID | Name | References |
---|---|---|
G0065 | Leviathan |
(Citation: FireEye APT40 March 2019) |
G0053 | FIN5 |
(Citation: DarkReading FireEye FIN5 Oct 2015) (Citation: Mandiant FIN5 GrrCON Oct 2016) |
G0087 | APT39 |
(Citation: FireEye APT39 Jan 2019) (Citation: Dark Reading APT39 JAN 2019) |
G0037 | FIN6 |
(Citation: FireEye FIN6 April 2016) |
G0093 | GALLIUM |
(Citation: Microsoft GALLIUM December 2019) |
G0027 | Threat Group-3390 |
(Citation: Dell TG-3390) |
G0060 | BRONZE BUTLER |
(Citation: Secureworks BRONZE BUTLER Oct 2017) (Citation: Symantec Tick Apr 2016) |
References
- Amplia Security. (n.d.). Windows Credentials Editor (WCE) F.A.Q.. Retrieved September 12, 2024.
- Plan, F., et al. (2019, March 4). APT40: Examining a China-Nexus Espionage Actor. Retrieved March 18, 2019.
- Higgins, K. (2015, October 13). Prolific Cybercrime Gang Favors Legit Login Credentials. Retrieved October 4, 2017.
- Bromiley, M. and Lewis, P. (2016, October 7). Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years. Retrieved October 6, 2017.
- Hawley et al. (2019, January 29). APT39: An Iranian Cyber Espionage Group Focused on Personal Information. Retrieved February 19, 2019.
- Higgins, K. (2019, January 30). Iran Ups its Traditional Cyber Espionage Tradecraft. Retrieved May 22, 2020.
- FireEye Threat Intelligence. (2016, April). Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6. Retrieved June 1, 2016.
- MSTIC. (2019, December 12). GALLIUM: Targeting global telecom. Retrieved January 13, 2021.
- Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, August 5). Threat Group-3390 Targets Organizations for Cyberespionage. Retrieved August 18, 2018.
- Counter Threat Unit Research Team. (2017, October 12). BRONZE BUTLER Targets Japanese Enterprises. Retrieved January 4, 2018.
- DiMaggio, J. (2016, April 28). Tick cyberespionage group zeros in on Japan. Retrieved July 16, 2018.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.