#T1003 OS Credential Dumping

Technique

  • Tactics: Credential Access
  • Description:

    Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password. Credentials can be obtained from OS caches, memory, or structures.(Citation: Brining MimiKatz to Unix) Credentials can then be used to perform [Lateral Movement](https://attack.mitre.org/tactics/TA0008) and access restricted information.

    Several of the tools mentioned in associated sub-techniques may be used by both adversaries and professional security testers. Additional custom tools likely exist as well.

  • First Seen: Kimsuky • 2019-08-26
MITRE ATT&CK

Tagged Reports

2023-08-08
Crowd Strike
#LabyrinthChollima #Trend #T1190 #T1036 #T1016 #T1482 #T1056 #T1558 #T1556 #T1480 #T1552 #T1078 #T1020 #T1555 #T1556.008 #T1046 #T1547 #T1070 #T1110 #T1204 #T1059 #T1003
2023-01-31
ESET
#Trend #T1102.002 #T1190 #T1027 #T1560.001 #T1567 #T1102 #T1027.002 #T1071 #T1574 #T1566.001 #T1566 #T1553.002 #T1090 #T1027.006 #T1567.002 #T1553 #T1584 #T1218 #T1027.007 #T1505 #T1505.003 #T1113 #T1555 #T1560 #T1071.004 #T1195 #T1204.002 #T1584.006 #T1218.001 #T1195.002 #T1574.002 #T1484.001 #T1484 #T1555.003 #T1204 #T1090.003 #T1003
2023-01-05
Attack IQ
#Trend #DreamJob #Inception #MagicRAT #Sharpshooter #ThreatNeedle #T1025 #T1047 #T1012 #T1016 #T1543.003 #T1057 #T1082 #T1552.002 #T1074.001 #T1572 #T1218.011 #T1547.001 #T1049 #T1003.002 #T1053.005 #T1041 #T1048.001 #T1105 #T1071.001 #T1220 #T1046 #T1218.010 #T1055 #T1112 #T1083 #T1007 #T1033 #T1036.005 #T1003
2022-09-08
Cisco Talos
#VSingle #MagicRAT #YamaBot #T1562 #T1136 #T1190 #T1608 #T1543 #T1082 #T1090 #T1021 #T1140 #T1518 #T1219 #T1560 #T1547 #T1590 #T1087 #T1070 #T1083 #T1053 #T1033 #T1003
2022-04-29
PWC
#Trend #BlackBanshee #BlackAlicanto #T1589 #T1069 #T1190 #T1608 #T1036 #T1573 #T1036.007 #T1059.005 #T1068 #T1027 #T1570 #T1595 #T1048 #T1592 #T1615 #T1071 #T1482 #T1057 #T1082 #T1056 #T1059.003 #T1221 #T1566.001 #T1566 #T1074.001 #T1614.001 #T1016.001 #T1591 #T1548 #T1090 #T1547.001 #T1620 #T1049 #T1021 #T1135 #T1005 #T1078 #T1204.001 #T1070.004 #T1053.005 #T1041 #T1113 #T1132.001 #T1555 #T1560 #T1204.002 #T1105 #T1071.001 #T1039 #T1132 #T1547 #T1112 #T1070 #T1087 #T1083 #T1486 #T1124 #T1033 #T1210 #T1110 #T1095 #T1204 #T1059 #T1003
2020-10-27
USCISA
#Kimsuky #T1562.004 #T1082 #T1548.002 #T1550.002 #T1566.001 #T1074.001 #T1573.001 #T1547.001 #T1070.004 #T1505.003 #T1219 #T1560 #T1055 #T1547 #T1059.006 #T1083 #T1218.005 #T1059.001 #T1040 #T1189 #T1546.001 #T1056.001 #T1566.002 #T1021.001 #T1114.003 #T1185 #T1003
2020-02-25
Sentinel One
#HiddenCobra #T1012 #T1043 #T1016 #T1027 #T1050 #T1048 #T1065 #T1057 #T1056 #T1082 #T1024 #T1090 #T1005 #T1193 #T1041 #T1105 #T1132 #T1055 #T1060 #T1083 #T1064 #T1124 #T1033 #T1074 #T1204 #T1003
2019-08-26
MITRE
#Kimsuky #G0094 #T1136 #T1589 #T1562 #T1534 #T1190 #T1593 #T1036 #T1012 #T1608 #T1587 #T1550 #T1543 #T1016 #T1027 #T1114 #T1567 #T1102 #T1071 #T1057 #T1056 #T1082 #T1176 #T1566 #T1111 #T1591 #T1098 #T1585 #T1021 #T1553 #T1584 #T1140 #T1218 #T1598 #T1546 #T1583 #T1005 #T1552 #T1078 #T1518 #T1505 #T1041 #T1219 #T1560 #T1555 #T1564 #T1105 #T1588 #T1547 #T1070 #T1112 #T1557 #T1083 #T1055 #T1594 #T1007 #T1053 #T1040 #T1133 #T1586 #T1074 #T1204 #T1059 #T1003
« Back