Windows Credential Editor

Windows Credential Editor is a password dumping tool. [1]

ID: S0005
Associated Software: WCE
Type: TOOL
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020

Techniques Used

Domain ID Name Use
Enterprise T1003 .001 OS Credential Dumping: LSASS Memory

Windows Credential Editor can dump credentials.[1]

Groups That Use This Software

ID Name References
G0060 BRONZE BUTLER

[2][3]

G0037 FIN6

[4]

G0053 FIN5

[5][6]

G0027 Threat Group-3390

[7]

G0087 APT39

[8][9]

G0065 Leviathan

[10]

G0093 GALLIUM

[11]

References