BushidoUK ToolMatrix Tools: CredentialTheft

Date: 18 Jun 2026
Actor: bushidouk
Type: Report
Country: United States
Sector: -
Confidence: high
50
Analytical priority: Low

Based on actor, country, IOCs, TTPs, leak and context quality.

IOCs: 0
TTPs: 0
Executive Summary
Resource from the BushidoUK Ransomware Tool Matrix - Tools.

Tools: CredentialTheft.md

Credential Theft Tools

> [!TIP]
> There are a number of free password recovery tools available that are designed to help users recover lost or forgotten passwords stored on their own systems. These tools can extract passwords saved in web browsers, email clients, and other applications. IT professionals can use these tools to recover credentials needed for system maintenance or troubleshooting.

> [!IMPORTANT]
> If these tools are run on a computer without the owner's permission by an adversary, they can be used to harvest passwords illicitly, leading to unauthorized access to sensitive information.

| Tool Name | Threat Group Usage |
|---|---|
| AADInternals | DarkBit+, Storm-0501 |
| AccountRestore | Blacksuit |
| Automim | Beast |
| aws_consoler | Scattered Spider |
| BetterSafetyKatz | OnePercent |
| CQTools CQHashDump | NailaoLocker |
| DonPAPI | Akira, Fog |
| DumpBrowserSecrets | TheGentlemen |
| Find-KeePassConfig | Storm-0501 |
| GitGuardian | Scattered Spider |
| Gosecretsdump | Lockbit |
| GrabChrome | Yanluowang |
| GrabFF | FiveHands, Yanluowang |
| Invoke-TheHash | Medusa Locker |
| Jecretz | Scattered Spider |
| KeeThief | EvilCorp*, Yanluowang |
| Kerbrute | BlackCat |
| KslKatz | TheGentlemen |
| LaZagne | Akira, AvosLocker, LockBit, GoGoogle, 8BASE, RansomEXX, BlackCat, IMN Crew, Beast, DragonForce |
| LostMyPassword | LockBit |
| MAGNET RAM Capture | Scattered Spider |
| Mimikatz | MAZE, BlackSuit, Royal, Black Basta, Akira, Phobos, PLAY, Karakurt, Scattered Spider, AvosLocker, LockBit, Conti, Bassterlord, Quantum, PYSA, NetWalker, GoGoogle, 8BASE, Trigona, Cuba, RansomEXX, EvilCorp, Avaddon, Yanluowang, Lapsus$, Zola, MONTI, BlackCat, RansomHub, OnePercent, *Prophet Spider, DarkSide, FiveHands, Medusa Locker, DragonForce, Sphinx, Medusa, Ghost/Cring, Qilin, Helldown, Warlock, Beast, TheGentlemen |
| MIT Kerberos Ticket Manager | Scattered Spider |
| NirSoft BulletsPassView | GoGoogle |
| NirSoft ChromePass | GoGoogle, Loki |
| NirSoft Dialupass | BlackSuit, Royal, GoGoogle |
| NirSoft ExtPassword | LockBit |
| NirSoft IEPassView (iepv) | BlackSuit, Royal, GoGoogle |
| NirSoft MailPassView | BlackSuit, Royal, GoGoogle |
| NirSoft Netpass | BlackSuit, Royal, GoGoogle |
| NirSoft OperaPassView | GoGoogle |
| NirSoft RouterPassView | BlackSuit, Royal, GoGoogle |
| NirSoft RemoteDesktopPassView (rdpv) | Phobos, GoGoogle |
| NirSoft SniffPass | GoGoogle |
| NirSoft VNCPassView | GoGoogle, 8BASE |
| NirSoft WebBrowserPassView | Phobos, GoGoogle, 8BASE, BlackCat, Yanluowang, Loki |
| NirSoft WirelessKeyView | GoGoogle |
| PasswordFox | LockBit, GoGoogle, 8BASE |
| ProcDump | MAZE, LockBit, Conti, Quantum, PYSA, NetWalker, 8BASE, Scattered Spider*, Everest, RA World, RansomEXX |
| RDP Recognizer | BianLian |
| Router Scan | Conti, FiveHands |
| SecretServerSecretStealer | EvilCorp |
| SessionGopher | PYSA, DarkSide, Sphinx |
| SharpChrome | Conti |
| SharpDump | Avaddon |
| SharpKatz | OnePercent |
| Snaffler | Scattered Spider |
| Trufflehog | Scattered Spider |
| Veeam-Get-Creds | MONTI, BlackCat, Fog, LockBit, Warlock |
| Volatility | Scattered Spider |
| XenArmor | AvosLocker |

References and links

OSINT source: github.com