Names | Hekatomb | |
Category | Tools | |
Type | Credential stealer | |
Description | Hekatomb is a Python script that connects to an LDAP directory to retrieve information on all computers and users. It then downloads all DPAPI blobs of all users from all computers. Finally, it extracts the domain controller private key through RPC and uses it to decrypt all credentials. | |
Information | <https://github.com/Processus-Thief/HEKATOMB> |
Last change to this tool card: 29 November 2023
Changed | Name | Country | Observed | ||
APT groups | |||||
↳ Subgroup: Scattered Spider | [Unknown] | 2022-Jul 2024 |
1 group listed (1 APT, 0 other, 0 unknown)