HackTool - Pypykatz Credentials Dumping Activity (a29808fd-ef50-49ff-9c7a-59a9b040b404)

Detects the usage of "pypykatz" to obtain stored credentials. Adversaries may attempt to extract credential material from the Security Account Manager (SAM) database through the Windows registry, where the SAM database is stored.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| HackTool - Pypykatz Credentials Dumping Activity (a29808fd-ef50-49ff-9c7a-59a9b040b404) | Sigma-Rules | Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) | Attack Pattern | 1 |
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) | Attack Pattern | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 2 |