GoSecure
OS Credential Dumping: LSASS Memory (T1003.001)

See subtechnique results for:

Carbanak+FIN7

| Step | ATT&CK Pattern |
|---|---|
| 4.B.7 | |
| 15.A.6 | |

APT29

| Step | ATT&CK Pattern |
|---|---|
| 14.B.4 | |
| 16.D.2 | |

APT3

| Step | ATT&CK Pattern |
|---|---|
| 5.A.1.1 | |

Procedure
Cobalt Strike: Built-in Mimikatz credential dump capability executed
Footnotes
- According to the vendor, DDNA scans trigger due to machine learning scanning in-memory code and identifying that the code is malicious. DDNA output, which is delayed, shows the process capabilities (known as "traits"), which may give an analyst clues on what the process does.



