gsecdump
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1003.002 | OS Credential Dumping: Security Account Manager | gsecdump can dump Windows password hashes from the SAM.(Citation: Microsoft Gsecdump) |
Enterprise | T1003.004 | OS Credential Dumping: LSA Secrets | gsecdump can dump LSA secrets.(Citation: TrueSec Gsecdump) |
Groups That Use This Software

ID | Name | References |
---|---|---|
G0027 | Threat Group-3390 | (Citation: Dell TG-3390) |
G0014 | Night Dragon | (Citation: McAfee Night Dragon) |
G0006 | APT1 | (Citation: Mandiant APT1) |
G0011 | PittyTiger | (Citation: Bizeul 2014) |
G0131 | Tonto Team | (Citation: TrendMicro Tonto Team October 2020) |
G0060 | BRONZE BUTLER | (Citation: Secureworks BRONZE BUTLER Oct 2017) (Citation: Symantec Tick Apr 2016) |
References
- McAfee® Foundstone® Professional Services and McAfee Labs™. (2011, February 10). Global Energy Cyberattacks: “Night Dragon”. Retrieved February 19, 2018.
- TrueSec. (n.d.). gsecdump v2.0b5. Retrieved September 29, 2015.
- Vincent Tiu. (2017, September 15). HackTool:Win32/Gsecdump. Retrieved January 10, 2024.
- Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, August 5). Threat Group-3390 Targets Organizations for Cyberespionage. Retrieved August 18, 2018.
- Mandiant. (n.d.). APT1 Exposing One of China’s Cyber Espionage Units. Retrieved July 18, 2016.
- Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C. (2014, July 11). Eye of the Tiger. Retrieved September 29, 2015.
- Daniel Lughi, Jaromir Horejsi. (2020, October 2). Tonto Team - Exploring the TTPs of an advanced threat actor operating a large infrastructure. Retrieved October 17, 2021.
- Counter Threat Unit Research Team. (2017, October 12). BRONZE BUTLER Targets Japanese Enterprises. Retrieved January 4, 2018.
- DiMaggio, J. (2016, April 28). Tick cyberespionage group zeros in on Japan. Retrieved July 16, 2018.