Defending Against OS Credential Dumping: Threat Landscape, Strategies, and Best Practices
Common Information
Type Value
UUID d7ec06fb-cf37-4b06-91dd-4563e7a9b48b
Fingerprint 0b7d13b98cdfd7dd963b8697e54cbb4cd208f4ff26fe58722702e7d593433591
Analysis status DONE
Considered CTI value 2
Text language
Published July 4, 2024, 9:35 a.m.
Added to db Nov. 17, 2024, 6:53 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Defending Against OS Credential Dumping: Threat Landscape, Strategies, and Best Practices
Title Defending Against OS Credential Dumping: Threat Landscape, Strategies, and Best Practices
Detected Hints/Tags/Attributes 235/3/66
Attributes
Details Type #Events CTI Value
Details Domain 22
www.logpoint.com
Details Domain 1
lsassdump.dm
Details Domain 10
lsass.zip
Details Domain 88
secretsdump.py
Details Domain 7
system.hiv
Details Domain 5
sam.hiv
Details Domain 4
security.hiv
Details File 39
www.log
Details File 478
lsass.exe
Details File 69
comsvcs.dll
Details File 81
werfault.exe
Details File 11
werfaultsecure.exe
Details File 1018
rundll32.exe
Details File 27
c:\windows\system32\comsvcs.dll
Details File 38
lsass.dmp
Details File 26
procdump64.exe
Details File 2
vostro.exe
Details File 2
lsass.rar
Details File 6
lsass.zip
Details File 29
c:\windows\system32\lsass.exe
Details File 54
dbghelp.dll
Details File 5
dbgcore.dll
Details File 533
ntdll.dll
Details File 25
sysmon64.exe
Details File 2125
cmd.exe
Details File 1208
powershell.exe
Details File 459
regsvr32.exe
Details File 74
mstsc.exe
Details File 172
dllhost.exe
Details File 8
wmiexec.vbs
Details File 85
secretsdump.py
Details File 165
reg.exe
Details File 59
ntdsutil.exe
Details File 5
ntdsdump.exe
Details File 4
ntdsdumpex.exe
Details File 3
ntdsgrab.ps1
Details Mandiant Temporary Group Assumption 21
TEMP.VELES
Details MITRE ATT&CK Techniques 289
T1003
Details MITRE ATT&CK Techniques 173
T1003.001
Details MITRE ATT&CK Techniques 43
T1003.002
Details MITRE ATT&CK Techniques 67
T1003.003
Details MITRE ATT&CK Techniques 16
T1003.004
Details MITRE ATT&CK Techniques 14
T1003.005
Details MITRE ATT&CK Techniques 27
T1003.006
Details Threat Actor Identifier - APT 115
APT1
Details Threat Actor Identifier - APT 783
APT28
Details Threat Actor Identifier - APT 78
APT3
Details Threat Actor Identifier - APT 132
APT32
Details Threat Actor Identifier - APT 181
APT33
Details Threat Actor Identifier - APT 53
APT39
Details Threat Actor Identifier - APT 522
APT41
Details Threat Actor Identifier - APT 41
APT5
Details Threat Actor Identifier - APT 665
APT29
Details Threat Actor Identifier - FIN 10
FIN13
Details Threat Actor Identifier - FIN 73
FIN6
Details Threat Actor Identifier - FIN 68
FIN8
Details Windows Registry Key 4
HKEY_LOCAL_MACHINE\SAM
Details Windows Registry Key 3
HKLM\SAM\SAM\Domains\Account\F
Details Windows Registry Key 2
HKLM\SAM\SAM\Domains\Account\Users
Details Windows Registry Key 37
HKLM\SYSTEM
Details Windows Registry Key 24
HKLM\SAM
Details Windows Registry Key 14
HKLM\SECURITY
Details Windows Registry Key 3
HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets
Details Windows Registry Key 4
HKLM\Security
Details Windows Registry Key 1
HKLM\Security\Cache
Details Windows Registry Key 15
HKLM\System