The sub-techniques beta is now live! Read the release blog post for more info.

Windows Credential Editor

Windows Credential Editor is a password dumping tool. [1]

ID: S0005
Associated Software: WCE
Type: TOOL
Platforms: Windows
Version: 1.0
Created: 31 May 2017
Last Modified: 17 October 2018

Techniques Used

Domain ID Name Use
Enterprise T1003 Credential Dumping

Windows Credential Editor can dump credentials.[1]

Groups That Use This Software

ID Name References
G0060 BRONZE BUTLER [2] [3]
G0037 FIN6 [4]
G0053 FIN5 [5] [6]
G0027 Threat Group-3390 [7]
G0087 APT39 [8]
G0065 Leviathan [9]