S1042Windows

S1042SUGARDUMP

Platforms
1
ATT&CK
14.1
References
2

Description

[SUGARDUMP](https://attack.mitre.org/software/S1042) is a proprietary browser credential harvesting tool that was used by UNC3890 during the [C0010](https://attack.mitre.org/campaigns/C0010) campaign. The first known [SUGARDUMP](https://attack.mitre.org/software/S1042) version was used since at least early 2021, a second SMTP C2 version was used from late 2021-early 2022, and a third HTTP C2 variant was used since at least April 2022.(Citation: Mandiant UNC3890 Aug 2022)

Platforms· 1

Windows

References

  1. https://attack.mitre.org/software/S1042
  2. https://www.mandiant.com/resources/blog/suspected-iranian-actor-targeting-israeli-shipping

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
SUGARUSH
Software
Mimikatz
Actor
UNC3890
Software
Fgdump
Software
EvilGrab
Software
pwdump
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.