Mimikatz
Essential information
- Confidence: 100/100
- Published: 31/05/2017 23:32
- Modified: 27/03/2026 01:07
- Revoked: No
- Author / Source: The MITRE Corporation
- Related entities: 17 attack patterns (mitre), 51 intrusion sets (apt), 9 campaign, 1 reports, 9 campaigns
Description
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets, tools and other entities linked to this tool.
Attack patterns (MITRE) (17)
- T1003.002 Security Account Manager (MITRE)
- T1555.003 Credentials from Web Browsers (MITRE)
- T1558.002 Silver Ticket (MITRE)
- T1098 Account Manipulation (MITRE)
- T1555.004 Windows Credential Manager (MITRE)
- T1550.002 Pass the Hash (MITRE)
- T1134.005 (MITRE)
- T1003.006 DCSync (MITRE)
- T1552.004 Private Keys (MITRE)
- T1003.001 LSASS Memory (MITRE)
Intrusion sets (APT) (51)
- Scattered Spider (The MITRE Corporation, confidence 100): [Scattered Spider](https://attack.mitre.org/groups/G1015) is a native English-speaking cybercriminal group active since at least 2022. (Citation: CrowdStrike Scattered Spider Profile) (Citation: MSTIC Octo Tempest Operations October 2023) The group initially…
- HEXANE (The MITRE Corporation, confidence 100): [HEXANE](https://attack.mitre.org/groups/G1001) is a cyber espionage threat group that has targeted oil & gas, telecommunications, aviation, and internet service provider organizations since at least 2017. Targeted companies have been…
- Medusa Group (The MITRE Corporation, confidence 100): [Medusa Group](https://attack.mitre.org/groups/G1051) has been active since at least 2021 and was initially operated as a closed ransomware group before evolving into a Ransomware-as-a-Service (RaaS) operation. Some reporting indicates…
- FIN6 (The MITRE Corporation, confidence 100): [FIN6](https://attack.mitre.org/groups/G0037) is a cyber crime group that has stolen payment card data and sold it for profit on underground marketplaces. This group has aggressively targeted and compromised point…
- PittyTiger (The MITRE Corporation, confidence 100): [PittyTiger](https://attack.mitre.org/groups/G0011) is a threat group believed to operate out of China that uses multiple different types of malware to maintain command and control. (Citation: Bizeul 2014) (Citation: Villeneuve 2014)
- APT28 (The MITRE Corporation, confidence 100): [APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165. (Citation: NSA/FBI Drovorub…
- Leafminer (The MITRE Corporation, confidence 100): [Leafminer](https://attack.mitre.org/groups/G0077) is an Iranian threat group that has targeted government organizations and business entities in the Middle East since at least early 2017. (Citation: Symantec Leafminer July 2018)
- Akira (The MITRE Corporation, confidence 100): The Akira ransomware group is said to have emerged in March 2023, and there's much speculation about its ties to the former CONTI ransomware group. It's worth…
- FIN7 (The MITRE Corporation, confidence 100): [FIN7](https://attack.mitre.org/groups/G0046) is a financially-motivated threat group that has been active since 2013. [FIN7](https://attack.mitre.org/groups/G0046) has targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media,…
- Blue Mockingbird (The MITRE Corporation, confidence 100): [Blue Mockingbird](https://attack.mitre.org/groups/G0108) is a cluster of observed activity involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems. The earliest observed Blue Mockingbird tools were created…
- Tonto Team (The MITRE Corporation, confidence 100): [Tonto Team](https://attack.mitre.org/groups/G0131) is a suspected Chinese state-sponsored cyber espionage threat group that has primarily targeted South Korea, Japan, Taiwan, and the United States since at least 2009; by…
- APT32 (The MITRE Corporation, confidence 100): [APT32](https://attack.mitre.org/groups/G0050) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments,…
Campaign (9)
- C0032
- Triton Safety Instrumented System Attack
- Operation Digital Eye
- HomeLand Justice
- C0018
- SolarWinds Compromise
- SharePoint ToolShell Exploitation
- C0017
- Operation Wocao
Reports (1)
- Confidence 100 · 18 CVEs · 200 MITREs · 200 Malwares · 20 APTs · 26 Tools