pwdump

pwdump is a credential dumper. [1]

ID: S0006
Type: TOOL
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020

Techniques Used

Domain ID Name Use
Enterprise T1003 .002 OS Credential Dumping: Security Account Manager

pwdump can be used to dump credentials from the SAM.[1]

Groups That Use This Software

ID Name References
G0006 APT1

[2]

G0053 FIN5

[3]

G0045 menuPass

[4]

G0027 Threat Group-3390

[5]

G0096 APT41

[6]

G0087 APT39

[7]

References