Common Information
Value: Account Manipulation - T1098
Category: Attack-Pattern
Type: Mitre-Enterprise-Attack-Attack-Pattern
Misp Type: Cluster
Description: Account manipulation may aid adversaries in maintaining access to credentials and certain permission levels within an environment. Manipulation could consist of modifying permissions, modifying credentials, adding or changing permission groups, modifying account settings, or modifying how authentication is performed. In order to create or manipulate accounts, the adversary must already have sufficient permissions on systems or the domain.

Detection: Collect events that correlate with changes to account objects on systems and the domain, such as event ID 4738. (Citation: Microsoft User Modified Event) Monitor for modification of accounts in correlation with other suspicious activity. Changes may occur at unusual times or from unusual systems. Especially flag events where the subject and target accounts differ (Citation: InsiderThreat ChangeNTLM July 2017) or that include additional flags such as changing a password without knowledge of the old password. (Citation: GitHub Mimikatz Issue 92 June 2017) Use of credentials may also occur at unusual times or to unusual systems or services and may correlate with other suspicious activity.

Platforms: Windows
Data Sources: Authentication logs, API monitoring, Windows event logs, Packet capture
Permissions Required: Administrator
Details Type Published Attributes CTI Title
Details Website 2024-11-16 90 From Royal to BlackSuit: Understanding the Tactics and Impact of a Sophisticated Ransomware Strain | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-11-14 24 Major cyber attacks and data breaches of 2024
Details Website 2024-11-13 23 T.A. — RansomHub
Details Website 2024-11-09 19 TRACKING RANSOMWARE : OCTOBER 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Details Website 2024-11-05 0 Part 2–6. Session Management Testing
Details Website 2024-11-03 35 Threat Actor — Cl0P
Details Website 2024-11-02 5 Hack The Box | Sherlock | Meerkat
Details Website 2024-10-30 28 Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Details Website 2024-10-25 58 HeptaX: Unauthorized RDP Connections For Cyberespionage Operations
Details Website 2024-10-25 0 My Crash Course in Cyber Defense at B-Sides NYC
Details Website 2024-10-23 2 Climbing The Ladder | Kubernetes Privilege Escalation (Part 1)
Details Website 2024-10-17 30 Securing Continuous Delivery: Argo CD Threat Detection
Details Website 2024-10-16 108 Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations | CISA
Details Website 2024-10-10 182 Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | CTF导航
Details Website 2024-10-08 0 Guiding your organization with the 2024 Elastic Global Threat Report
Details Website 2024-10-06 7 Blue Team Online Labs: Anakus
Details Website 2024-10-04 0 Part-1 MITRE ATT&CK Tactic & Techniques & framework
Details Website 2024-09-30 174 Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware
Details Website 2024-09-25 24 Zero Trust Protections - Illustrated
Details Website 2024-09-23 17 Mastering Cloud-Specific IOCs for Enhanced Threat Detection | Wiz Blog
Details Website 2024-09-21 39 Unmasking Advanced Threat Actors: How Cloud Identity and Access Management is Under Attack
Details Website 2024-09-12 25 Hygiene, Hygiene, Hygiene! [Guest Diary] - SANS Internet Storm Center
Details Website 2024-09-10 1 Login form NoSQL Injection + CSRF Token bypass real cases found during recent audit
Details Website 2024-09-04 4 ToddyCat APT Abuses SMB, Exploits IKEEXT A Exchange RCE To Deploy ICMP Backdoor
Details Website 2024-09-03 46 Most interesting IR cases in 2023: insider threats and more