Mallory
Malware. Used by 1 actor.

BrowserPasswordDump10

BrowserPasswordDump10 is a publicly available credential-dumping tool that extracts passwords saved in web browsers on a compromised host. Public reporting (MITRE ATT&CK) records Molerats using it to dump browser-saved passwords from victims, and lists it alongside the other off-the-shelf tooling the group has deployed: BlackShades, DarkComet, SPARK RAT, and Quasar RAT. Its only documented capability is browser-stored password theft (ATT&CK T1555.003). The public reporting gives no details on which browsers it supports, how it is delivered, whether it persists, or any indicators of compromise, so detecting it in practice means detecting the behaviour (a process other than the browser reading browser credential stores) rather than matching a known hash.


THREAT ACTORS

Groups observed using it

One threat actor has been publicly attributed as using this tool.

Molerats

Molerats used the public tool BrowserPasswordDump10 to dump passwords saved in browsers on victims.

Source: MITRE ATT&CK (attack.mitre.org)
MITRE ATT&CK

Techniques & procedures

2 distinct techniques documented for this family, organized by ATT&CK tactic.

Credential Access

2 techniques
T1003 OS Credential Dumping (evidence: 1)

APT3 has used tools to dump passwords from browsers... Kimsuky has also used Nirsoft's WebBrowserPassView tool to dump the passwords obtained from victims... Mimikatz performs credential dumping to obtain account and password information useful in gaining access to additional systems and enterprise network resources.

None of the evidence attached to this mapping names BrowserPasswordDump10; it describes credential dumping by other actors and tools (APT3, Kimsuky's use of NirSoft WebBrowserPassView, Mimikatz). Treat T1003 here as the general class of activity rather than a documented procedure of this tool; the T1555.003 entry below is the one that cites the tool directly.

T1555.003 Credentials from Web Browsers (evidence: 6)

To dump passwords saved in victims' browsers (T1555.003), the group uses the publicly available BrowserPasswordDump10 tool.
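Because the T1555.003 procedure above carries no indicators for BrowserPasswordDump10 itself, the useful hunt is behavioural. The following Python is an added example written for this page, not code from Mallory, MITRE ATT&CK, or the tool. It runs over constructed file-access telemetry in an assumed format (one JSON object per line with host, pid, image, user and target fields, the kind of record you could derive from an EDR file-read event or a Windows 4663 object-access audit with a SACL on the store paths), flags any non-browser process that reads a browser credential store, and then isolates processes that sweep more than one store, which is what a multi-browser dumper does in a single run. The store locations (Chromium-family "Login Data" and "Local State", Firefox logins.json and key4.db) are the real on-disk paths; the hostnames, PIDs, users and the bpd.exe path in the sample events are invented.

```python
"""Behavioural hunt for T1555.003 (Credentials from Web Browsers).

Added example for this page; not code from Mallory, MITRE ATT&CK, or the
BrowserPasswordDump10 tool. The telemetry format is an assumption: one JSON
object per line with host, pid, image, user and target (file path) fields.
"""
import json
import re
from collections import defaultdict

# Path fragment shared by Chromium-based browsers' profile directories on Windows.
CHROMIUM_PROFILE = r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser|Chromium)\\User Data\\"

# On-disk credential stores a browser-password dumper has to read.
# "Login Data" is the SQLite file holding saved logins; "Local State" holds the
# DPAPI-wrapped key that decrypts them on Chrome 80+; Firefox keeps logins in
# logins.json, encrypted with a key stored in key4.db.
STORE_PATTERNS = {
    "chromium_login_data": re.compile(CHROMIUM_PROFILE + r"[^\\]+\\Login Data$", re.I),
    "chromium_local_state": re.compile(CHROMIUM_PROFILE + r"Local State$", re.I),
    "firefox_logins": re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I),
}

# The only processes expected to open each store during normal operation.
EXPECTED_READERS = {
    "chromium_login_data": {"chrome.exe", "msedge.exe", "brave.exe", "chromium.exe"},
    "chromium_local_state": {"chrome.exe", "msedge.exe", "brave.exe", "chromium.exe"},
    "firefox_logins": {"firefox.exe"},
}

# Constructed sample telemetry: hosts, PIDs, users and the bpd.exe path are invented.
SAMPLE_EVENTS = r"""
{"host":"WS01","pid":4120,"image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","user":"WS01\\alice","target":"C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"host":"WS01","pid":7788,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\bpd.exe","user":"WS01\\alice","target":"C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"host":"WS01","pid":7788,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\bpd.exe","user":"WS01\\alice","target":"C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Local State"}
{"host":"WS01","pid":7788,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\bpd.exe","user":"WS01\\alice","target":"C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x1y2z3ab.default-release\\logins.json"}
{"host":"WS01","pid":5012,"image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","user":"WS01\\alice","target":"C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x1y2z3ab.default-release\\key4.db"}
{"host":"WS02","pid":9104,"image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","user":"WS02\\bob","target":"C:\\Users\\bob\\AppData\\Local\\Microsoft\\Edge\\User Data\\Profile 1\\Login Data"}
{"host":"WS01","pid":7788,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\bpd.exe","user":"WS01\\alice","target":"C:\\Users\\alice\\Documents\\notes.txt"}
"""


def classify_store(path):
    """Return the store family a path belongs to, or None if it is not a credential store."""
    for store, pattern in STORE_PATTERNS.items():
        if pattern.search(path):
            return store
    return None


def hunt(lines):
    """Return one alert per event in which a non-browser process reads a credential store."""
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        event = json.loads(raw)
        store = classify_store(event["target"])
        if store is None:
            continue
        image = event["image"].rsplit("\\", 1)[-1].lower()
        if image in EXPECTED_READERS[store]:
            continue  # the owning browser reading its own store is normal
        alerts.append({
            "host": event["host"], "pid": event["pid"], "image": image,
            "user": event["user"], "store": store, "target": event["target"],
        })
    return alerts


def sweeping_processes(alerts, min_stores=2):
    """Group alerts by process and keep those that touched at least min_stores store families.

    A dumper that targets several browsers reads several stores in one run; a backup
    agent or indexer that happens to touch a single file does not.
    """
    seen = defaultdict(set)
    for a in alerts:
        seen[(a["host"], a["pid"], a["image"])].add(a["store"])
    return {proc: sorted(stores) for proc, stores in seen.items() if len(stores) >= min_stores}


if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS.splitlines())
    for a in found:
        print(f"{a['host']} pid={a['pid']} {a['image']} ({a['user']}) read {a['store']}: {a['target']}")
    for (host, pid, image), stores in sweeping_processes(found).items():
        print(f"SWEEP {host} pid={pid} {image} touched {len(stores)} stores: {', '.join(stores)}")
```

Run stand-alone, the block reports four reads by non-browser processes from the sample and a single sweeping process, the one that touched three different stores. The per-read alert is noisy on real fleets (backup agents, search indexers and some EDRs open these files), so the sweep summary is the signal worth paging on; the per-read list is context for triage.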
