
HackTool - Pypykatz Credentials Dumping Activity (a29808fd-ef50-49ff-9c7a-59a9b040b404)

Detects the usage of "pypykatz" to obtain stored credentials. Adversaries may attempt to extract credential material from the Security Account Manager (SAM) database through the Windows registry, where the SAM database is stored.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) | Attack Pattern | HackTool - Pypykatz Credentials Dumping Activity (a29808fd-ef50-49ff-9c7a-59a9b040b404) | Sigma-Rules | 1 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) | Attack Pattern | 2 |