Skip to content

Latest commit

 

History

History
55 lines (52 loc) · 2.75 KB

CredentialTheft.md

File metadata and controls

55 lines (52 loc) · 2.75 KB

Credential Theft Tools

Tip

There are a number of free password recovery tools availbel that are designed to help users recover lost or forgotten passwords stored on their own systems. These tools can extract passwords saved in web browsers, email clients, and other applications. IT professionals can use these tools to recover credentials needed for system maintenance or troubleshooting.

Important

If these tools are run on a computer without the owner's permission by an adversary, they can be used to harvest passwords illicitly, leading to unauthorized access to sensitive information.

Tool Name Threat Group Usage
AADInternals DarkBit+, Storm-0501
aws_consoler Scattered Spider*
BetterSafetyKatz OnePercent*
DonPAPI Akira
Find-KeePassConfig Storm-0501
GitGuardian Scattered Spider*
Gosecretsdump Lockbit
GrabChrome Yanluowang
GrabFF FiveHands, Yanluowang
Invoke-TheHash Medusa Locker
Jecretz Scattered Spider*
KeeThief EvilCorp*, Yanluowang
LaZagne Akira, AvosLocker, LockBit, GoGoogle, 8BASE, RansomEXX, BlackCat
LostMyPassword LockBit
MAGNET RAM Capture Scattered Spider*
Mimikatz MAZE, BlackSuit, Royal, Black Basta, Akira, Phobos, PLAY, Karakurt, Scattered Spider*, AvosLocker, LockBit, Conti, Bassterlord*, Quantum, PYSA, NetWalker, GoGoogle, 8BASE, Trigona, Cuba, RansomEXX, EvilCorp*, Avaddon, Yanluowang, Lapsus$, Zola, MONTI, BlackCat, RansomHub, OnePercent*, *Prophet Spider, DarkSide, FiveHands, Medusa Locker
MIT Kerberos Ticket Manager Scattered Spider*
NirSoft BulletsPassView GoGoogle
NirSoft ChromePass GoGoogle
NirSoft Dialupass BlackSuit, Royal, GoGoogle
NirSoft ExtPassword LockBit
NirSoft IEPassView (iepv) BlackSuit, Royal, GoGoogle
NirSoft MailPassView BlackSuit, Royal, GoGoogle
NirSoft Netpass BlackSuit, Royal, GoGoogle
NirSoft OperaPassView GoGoogle
NirSoft RouterPassView BlackSuit, Royal, GoGoogle
NirSoft RemoteDesktopPassView (rdpv) Phobos, GoGoogle
NirSoft SniffPass GoGoogle
NirSoft VNCPassView GoGoogle, 8BASE
NirSoft WebBrowserPassView Phobos, GoGoogle, 8BASE, BlackCat, Yanluowang
NirSoft WirelessKeyView GoGoogle
PasswordFox LockBit, GoGoogle, 8BASE
ProcDump MAZE, LockBit, Conti, Quantum, PYSA, NetWalker, 8BASE, Scattered Spider*, Everest
RDP Recognizer BianLian
Router Scan Conti, FiveHands
SecretServerSecretStealer EvilCorp*
SessionGopher PYSA, DarkSide
SharpChrome Conti
SharpDump Avaddon
SharpKatz OnePercent*
Snaffler Scattered Spider*
Trufflehog Scattered Spider*
Veeam-Get-Creds MONTI, BlackCat, Fog, LockBit
Volatility Scattered Spider*
XenArmor AvosLocker