Common Information
Type | Value |
---|---|
Value | Domain Trust Discovery - T1482 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may attempt to gather information on domain trust relationships that may be used to identify lateral movement opportunities in Windows multi-domain/forest environments. Domain trusts provide a mechanism for a domain to allow access to resources based on the authentication procedures of another domain.(Citation: Microsoft Trusts) Domain trusts allow the users of the trusted domain to access resources in the trusting domain. The information discovered may help the adversary conduct [SID-History Injection](https://attack.mitre.org/techniques/T1134/005), [Pass the Ticket](https://attack.mitre.org/techniques/T1550/003), and [Kerberoasting](https://attack.mitre.org/techniques/T1558/003).(Citation: AdSecurity Forging Trust Tickets)(Citation: Harmj0y Domain Trusts) Domain trusts can be enumerated using the `DSEnumerateDomainTrusts()` Win32 API call, .NET methods, and LDAP.(Citation: Harmj0y Domain Trusts) The Windows utility [Nltest](https://attack.mitre.org/software/S0359) is known to be used by adversaries to enumerate domain trusts.(Citation: Microsoft Operation Wilysupply) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2023-09-25 | 206 | From ScreenConnect to Hive Ransomware in 61 hours - The DFIR Report | ||
Details | Website | 2023-09-20 | 26 | Dark Web Profile: NoEscape Ransomware | ||
Details | Website | 2023-09-15 | 816 | UNC3944: SMS Phishing, SIM Swapping, and Ransomware Attacks | ||
Details | Website | 2023-08-28 | 135 | HTML Smuggling Leads to Domain Wide Ransomware - The DFIR Report | ||
Details | Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023 | ||
Details | Website | 2023-08-06 | 29 | CVE-2023–3519 WebShell Implant | ||
Details | Website | 2023-07-27 | 117 | Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector | ||
Details | Website | 2023-07-21 | 24 | 2023 Target Cyber Defense Challenge: Cyber Threat Intelligence & Reverse Engineering | ||
Details | Website | 2023-07-20 | 33 | Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells | CISA | ||
Details | Website | 2023-07-13 | 43 | Threat Actor Profile: BianLian, The Shape-Shifting Ransomware Group | ||
Details | Website | 2023-07-11 | 10 | Target 2023 Cyber Defense Challenge — Tier 1 — Cyber Threat Intelligence | ||
Details | Website | 2023-06-14 | 23 | Understanding Ransomware Threat Actors: LockBit – Cyber Safe NV | ||
Details | Website | 2023-06-12 | 112 | A Truly Graceful Wipe Out - The DFIR Report | ||
Details | Website | 2023-05-30 | 112 | Russia/Ukraine Update - May 2023 | ||
Details | Website | 2023-05-22 | 141 | IcedID Macro Ends in Nokoyawa Ransomware - The DFIR Report | ||
Details | Website | 2023-05-16 | 77 | #StopRansomware: BianLian Ransomware Group | CISA | ||
Details | Website | 2023-05-10 | 4 | SafeBreach Coverage for US-CERT Alert (AA23-129A) – Snake Malware | ||
Details | Website | 2023-05-09 | 19 | Hunting Russian Intelligence “Snake” Malware | CISA | ||
Details | Website | 2023-04-03 | 228 | Malicious ISO File Leads to Domain Wide Ransomware - The DFIR Report | ||
Details | Website | 2023-02-28 | 44 | CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks | CISA | ||
Details | Website | 2023-02-08 | 21 | Earth Zhulong Familiar Patterns Target Southeast Asian Firms | ||
Details | Website | 2023-01-28 | 14 | Intel471 | How Groove Gang is shaking up the Ransomware-as-a-Service… | ||
Details | Website | 2023-01-09 | 217 | Unwrapping Ursnifs Gifts - The DFIR Report | ||
Details | Website | 2022-12-06 | 78 | Vice Society: Profiling a Persistent Threat to the Education Sector | ||
Details | Website | 2022-11-28 | 71 | Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia | Mandiant |