Cached Domain Credentials (T1003.005)

Adversaries may attempt to access cached domain credentials used to allow authentication to occur in the event a domain controller is unavailable.

Tactics
TA0006

Sub-technique of
T1003

See: MITRE ATT&CK