Description
[Mimikatz](https://attack.mitre.org/software/S0002) is a credential dumper capable of obtaining plaintext Windows account logins and passwords. It also has many other features that make it useful for testing the security of networks. (Citation: Deply Mimikatz) (Citation: Adsecurity Mimikatz Guide)
Techniques Used by This Tool
- T1003.001 — LSASS Memory
- T1003.002 — Security Account Manager
- T1003.004 — LSA Secrets
- T1003.006 — DCSync
- T1098 — Account Manipulation
- T1134.005 — SID-History Injection
- T1207 — Rogue Domain Controller
- T1547.005 — Security Support Provider
- T1550.002 — Pass the Hash
- T1550.003 — Pass the Ticket
- T1552.004 — Private Keys
- T1555 — Credentials from Password Stores
- T1555.003 — Credentials from Web Browsers
- T1555.004 — Windows Credential Manager
- T1558.001 — Golden Ticket
- T1558.002 — Silver Ticket
- T1649 — Steal or Forge Authentication Certificates
APT Groups Using This Tool
- Indrik Spider
- Wizard Spider
- FIN7
- Dragonfly
- OilRig
- TA505
- Earth Lusca
- Play
- Sandworm Team
- Turla
- FIN6
- APT28
- HEXANE
- Ke3chang
- Volt Typhoon
- Leafminer
- Magic Hound
- APT29
- Cobalt Group
- APT39
- MuddyWater
- APT38
- APT32
- BRONZE BUTLER
- APT5
- BackdoorDiplomacy
- Kimsuky
- Akira
- LAPSUS$
- Chimera
- menuPass
- APT41
- FIN13
- GALLIUM
- Scattered Spider
- Blue Mockingbird
- BlackByte
- Threat Group-3390
- Tonto Team
- Agrius
- APT1
- APT33
- Cleaver
- TEMP.Veles
- DarkHydrus
- Whitefly
- Carbanak
- Thrip
- PittyTiger