Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1555 | Credentials from Password Stores |
LaZagne can obtain credentials from databases, mail, and WiFi across multiple platforms.[1] |
|
.001 | Keychain | |||
.003 | Credentials from Web Browsers |
LaZagne can obtain credentials from web browsers such as Google Chrome, Internet Explorer, and Firefox.[1] |
||
.004 | Windows Credential Manager | |||
Enterprise | T1003 | .001 | OS Credential Dumping: LSASS Memory |
LaZagne can perform credential dumping from memory to obtain account and password information.[1] |
.004 | OS Credential Dumping: LSA Secrets |
LaZagne can perform credential dumping from LSA secrets to obtain account and password information.[1] |
||
.005 | OS Credential Dumping: Cached Domain Credentials |
LaZagne can perform credential dumping from MSCache to obtain account and password information.[1] |
||
.007 | OS Credential Dumping: Proc Filesystem |
LaZagne can obtain credential information running Linux processes.[1] |
||
.008 | OS Credential Dumping: /etc/passwd and /etc/shadow |
LaZagne can obtain credential information from /etc/shadow using the shadow.py module.[1] |
||
Enterprise | T1552 | .001 | Unsecured Credentials: Credentials In Files |
LaZagne can obtain credentials from chats, databases, mail, and WiFi.[1] |
ID | Name | References |
---|---|---|
G0077 | Leafminer | |
G0049 | OilRig | |
G0022 | APT3 | |
G0069 | MuddyWater | |
G0064 | APT33 | |
G0100 | Inception | |
G0120 | Evilnum | |
G0139 | TeamTNT | |
G0131 | Tonto Team |