Common Information

Value: Account Manipulation - T1098
Category: Attack-Pattern
Type: Mitre-Enterprise-Attack-Attack-Pattern
Misp Type: Cluster

Description:
Account manipulation may aid adversaries in maintaining access to credentials and certain permission levels within an environment. Manipulation could consist of modifying permissions, modifying credentials, adding or changing permission groups, modifying account settings, or modifying how authentication is performed. In order to create or manipulate accounts, the adversary must already have sufficient permissions on systems or the domain.

Detection: Collect events that correlate with changes to account objects on systems and the domain, such as event ID 4738. (Citation: Microsoft User Modified Event) Monitor for modification of accounts in correlation with other suspicious activity. Changes may occur at unusual times or from unusual systems. Especially flag events where the subject and target accounts differ (Citation: InsiderThreat ChangeNTLM July 2017) or that include additional flags such as changing a password without knowledge of the old password. (Citation: GitHub Mimikatz Issue 92 June 2017) Use of credentials may also occur at unusual times or to unusual systems or services and may correlate with other suspicious activity.

Platforms: Windows
Data Sources: Authentication logs, API monitoring, Windows event logs, Packet capture
Permissions Required: Administrator
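The detection guidance above, turned into a small triage routine as an added example (not part of the MISP cluster or MITRE's own tooling). It scores constructed account-change records modelled on Windows Security event 4738 (account changed) together with 4723 (password change, old password required) and 4724 (password reset, no old password required), and flags the combinations the description calls out: subject differing from target, a reset without the old password, and changes at unusual times or from unusual hosts. The allow-list of admin hosts and the business-hours window are assumptions.

```python
from datetime import datetime, time

# Constructed sample records (not real logs). Fields are a simplified view of
# the Subject / Target Account sections of Windows Security events
# 4738, 4723 and 4724.
SAMPLE_EVENTS = [
    {"id": 4738, "time": "2023-03-01T10:15:00", "host": "DC01",
     "subject": "CORP\\alice", "target": "CORP\\alice"},
    {"id": 4738, "time": "2023-03-01T02:40:00", "host": "WS-ACCOUNTING-07",
     "subject": "CORP\\svc-backup", "target": "CORP\\bob"},
    {"id": 4724, "time": "2023-03-01T02:41:00", "host": "WS-ACCOUNTING-07",
     "subject": "CORP\\svc-backup", "target": "CORP\\bob"},
    {"id": 4723, "time": "2023-03-01T09:05:00", "host": "DC01",
     "subject": "CORP\\carol", "target": "CORP\\carol"},
]

EXPECTED_ADMIN_HOSTS = {"DC01", "ADMIN-JUMP01"}  # assumed allow-list of hosts
BUSINESS_HOURS = (time(7, 0), time(19, 0))       # assumed local working hours


def score_event(ev):
    """Return the list of indicators that make one account-change event suspicious."""
    reasons = []
    ts = datetime.fromisoformat(ev["time"])
    # Subject (who made the change) differs from target (whose account changed).
    if ev["subject"].lower() != ev["target"].lower():
        reasons.append("subject differs from target")
    # 4724 is a reset that does not require knowledge of the old password.
    if ev["id"] == 4724:
        reasons.append("password reset without old password (4724)")
    if not BUSINESS_HOURS[0] <= ts.time() <= BUSINESS_HOURS[1]:
        reasons.append("outside business hours")
    if ev["host"] not in EXPECTED_ADMIN_HOSTS:
        reasons.append(f"unexpected source host {ev['host']}")
    return reasons


def flag_events(events, min_reasons=2):
    """Group events carrying at least min_reasons indicators by target account."""
    flagged = {}
    for ev in events:
        reasons = score_event(ev)
        if len(reasons) >= min_reasons:
            flagged.setdefault(ev["target"], []).append((ev["id"], reasons))
    return flagged


if __name__ == "__main__":
    for target, hits in flag_events(SAMPLE_EVENTS).items():
        print(target, hits)
```

Requiring two or more indicators per event is the correlation step the description asks for; a single self-service password change during working hours on a domain controller scores zero and is not reported.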
Details Published Attributes CTI Title
Details Website 2023-05-26 27 Threat Intelligence Report: Understanding and Mitigating ‘Cosmic Energy’ using the MITRE ATT&CK…
Details Website 2023-05-16 77 #StopRansomware: BianLian Ransomware Group | CISA
Details Website 2023-05-07 42 The Evolution of Business Email Compromise
Details Website 2023-05-03 45 The Evolution of Business Email Compromise
Details Website 2023-04-24 33 An Adventure in Google Cloud threat detection | Datadog Security Labs
Details Website 2023-04-20 481 ATT&CK Changes
Details Website 2023-04-17 9 2023 Vulnerabilities : First-Quarter Highlights ReliaQuest Threat Research Team – Global Security Mag Online
Details Website 2023-03-22 9 APT Profile: Sandworm - SOCRadar® Cyber Intelligence Inc.
Details Website 2023-03-16 78 Bee-Ware of Trigona, An Emerging Ransomware Strain
Details Website 2023-03-07 9 Account Pre-Takeover Bug Bounty
Details Website 2023-03-02 199 Russia/Ukraine Update - February 2023
Details Website 2023-02-28 44 CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks | CISA
Details Website 2023-02-28 16 Aligning Falco’s Cloudtrail Rules with MITRE ATT&CK – Sysdig
Details Website 2023-02-13 261 Dalbit (m00nlight): Chinese Hacker Group's APT Attack Campaign - ASEC BLOG
Details Website 2023-02-10 0 The MITRE Attack Chain’s Discrete Links | Fortinet Blog
Details Website 2023-01-31 261 Dalbit (m00nlight): Chinese Hacker Group's APT Attack Campaign (Korean-language original) - ASEC BLOG
Details Website 2022-12-20 133 Russia/Ukraine Update - December 2022
Details Website 2022-11-29 132 Russia/Ukraine Update - November 2022
Details Website 2022-11-28 71 Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia | Mandiant
Details Website 2022-11-25 49 Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester | CISA
Details Website 2022-11-22 0 A third of cyberattacks in the cloud leverage credential access
Details Website 2022-11-18 19 U.S. Federal Network Hacked – APT Hackers Compromised Domain Controller
Details Website 2022-11-17 4 SafeBreach Coverage for US-CERT Alert (AA22-320A) – Iranian State-Sponsored APT Actors
Details Website 2022-11-16 32 Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester | CISA
Details Website 2022-10-18 45 Anomali Cyber Watch: Ransom Cartel Uses DPAPI Dumping, Unknown China-Sponsored Group Targeted Telecommunications, Alchimist C2 Framework Targets Multiple Operating Systems, and More