APT29

| Step | ATT&CK Pattern | Detection Type | Detection Note |
|---|---|---|---|
| 14.B.4 | | | A Technique alert detection (red; high severity) called "mimikatz_command_patterns" was generated for m.exe executing with command-line arguments indicative of Mimikatz credential dumping. [1] |
| | | | An MSSP detection contained evidence of Mimikatz dumping credentials. [1] |
| 16.D.2 | | | A Technique alert detection (red; high severity) for Credential Dumping was generated for m.exe with command-line arguments indicative of Mimikatz credential dumping. [1] |
| | | | An MSSP detection contained evidence of Mimikatz command-line arguments to dump credentials. [1] |

Dumped plaintext credentials using Mimikatz (m.exe)
m.exe injecting into lsass.exe to dump credentials
[1]
Dumped the KRBTGT hash on the domain controller host NewYork (10.0.0.4) using Mimikatz (m.exe)
m.exe injecting into lsass.exe to dump credentials
[1]