secretsdump (a1fef846-cb22-4885-aa14-cb67ab38fce4)

According to joint Cybersecurity Advisory AA23-319A (November 2023), secretsdump is a Python script "used to extract credentials and other confidential information from a system".[U.S. CISA Rhysida Ransomware November 15 2023] Secretsdump is publicly available and included as a module of Impacket, a tool for working with network protocols.[GitHub secretsdump]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Rhysida Ransomware Actors (0610cd57-2511-467a-97e3-3c810384074f) | Tidal Groups | secretsdump (a1fef846-cb22-4885-aa14-cb67ab38fce4) | Tidal Software | 1 |
| Scattered Spider (3d77fb6c-cfb4-5563-b0be-7aa1ad535337) | Tidal Groups | secretsdump (a1fef846-cb22-4885-aa14-cb67ab38fce4) | Tidal Software | 1 |
| LockBit Ransomware Actors & Affiliates (d0f3353c-fbdd-4bd5-8793-a42e1f319b59) | Tidal Groups | secretsdump (a1fef846-cb22-4885-aa14-cb67ab38fce4) | Tidal Software | 1 |