pwdump
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1003.002 | OS Credential Dumping: Security Account Manager | pwdump can be used to dump credentials from the SAM. (Citation: Wikipedia pwdump) |
Groups That Use This Software

ID | Name | References |
---|---|---|
G0087 | APT39 | (Citation: Symantec Chafer February 2018) |
G0045 | menuPass | (Citation: PWC Cloud Hopper Technical Annex April 2017) |
G0053 | FIN5 | (Citation: Mandiant FIN5 GrrCON Oct 2016) |
G0096 | APT41 | (Citation: FireEye APT41 Aug 2019) |
G0006 | APT1 | (Citation: Mandiant APT1) |
G0027 | Threat Group-3390 | (Citation: Unit42 Emissary Panda May 2019) |
References
- Wikipedia. (2007, August 9). pwdump. Retrieved June 22, 2016.
- Falcone, R. and Lancaster, T. (2019, May 28). Emissary Panda Attacks Middle East Government Sharepoint Servers. Retrieved July 9, 2019.
- PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.
- Mandiant. (n.d.). APT1 Exposing One of China’s Cyber Espionage Units. Retrieved July 18, 2016.
- Symantec. (2018, February 28). Chafer: Latest Attacks Reveal Heightened Ambitions. Retrieved May 22, 2020.
- Fraser, N., et al. (2019, August 7). Double DragonAPT41, a dual espionage and cyber crime operation APT41. Retrieved September 23, 2019.
- Bromiley, M. and Lewis, P. (2016, October 7). Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years. Retrieved October 6, 2017.