HackTool - Pypykatz Credentials Dumping Activity (a29808fd-ef50-49ff-9c7a-59a9b040b404)

Detects the usage of "pypykatz" to obtain stored credentials. Adversaries may attempt to extract credential material from the Security Account Manager (SAM) database through the Windows registry, where the SAM database is stored.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) | Attack Pattern | HackTool - Pypykatz Credentials Dumping Activity (a29808fd-ef50-49ff-9c7a-59a9b040b404) | Sigma-Rules | 1 |
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) | Attack Pattern | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 2 |