Threat hunting for signs of credential dumping - Threat hunting with hints of incident response
Common Information
Type Value
UUID e6d55485-51b8-4292-8881-922857f3d9eb
Fingerprint 72100ea7afa44650
Analysis status DONE
Considered CTI value 0
Text language
Published March 11, 2024, 2:56 p.m.
Added to db Aug. 31, 2024, 8:42 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Threat hunting for signs of credential dumping
Title Threat hunting for signs of credential dumping - Threat hunting with hints of incident response
Detected Hints/Tags/Attributes 17/1/9
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 252 | Threat hunting with hints of incident response https://threathunt.blog/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 478 lsass.exe
Details File 4 comsvc.dll
Details File 1018 rundll32.exe
Details File 27 c:\windows\system32\comsvcs.dll
Details File 38 lsass.dmp
Details File 27 procdump.exe
Details File 117 taskmgr.exe
Details File 26 procdump64.exe
Details sha1 1 ce8a64b7d864137ed1bf633d8fac1e2e1bcae92c