OS Credential Dumping (T1003)
See technique results for:
Carbanak+FIN7
Step | ATT&CK Pattern
4.B.7 |
15.A.6 |

APT29
Step | ATT&CK Pattern
6.C.1 |
14.B.4 |
16.D.2 |

Procedure
Dumped the KRBTGT hash on the domain controller host NewYork (10.0.0.4) using Mimikatz (m.exe)
Criteria
m.exe injecting into lsass.exe to dump credentials
Footnotes
- MVISION Endpoint would have blocked the malicious file m.exe due to a cloud-based classification detected by an Advanced Threat Protection signature.




APT3
Step | ATT&CK Pattern
5.A.1.1 |
5.A.2.1 |