Common Information
Type | Value |
---|---|
Value | Domain Groups - T1069.002 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may attempt to find domain-level groups and permission settings. The knowledge of domain-level permission groups can help adversaries determine which groups exist and which users belong to a particular group. Adversaries may use this information to determine which users have elevated permissions, such as domain administrators. Commands such as `net group /domain` of the [Net](https://attack.mitre.org/software/S0039) utility, `dscacheutil -q group` on macOS, and `ldapsearch` on Linux can list domain-level groups. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-11-16 | 90 | From Royal to BlackSuit: Understanding the Tactics and Impact of a Sophisticated Ransomware Strain | #ransomware | #cybercrime | National Cyber Security Consulting | ||
Details | Website | 2024-11-07 | 2 | Top 10 PowerDMARC Alternatives and Competitors: Detailed Feature Comparison | ||
Details | Website | 2024-10-23 | 44 | Highlighting TA866/Asylum Ambuscade Activity Since 2021 | ||
Details | Website | 2024-10-18 | 27 | Iranian Cyber Actors’ Brute Force and Credential Access Attacks: CISA Alert AA24-290A | ||
Details | Website | 2024-10-17 | 5 | SafeBreach Coverage for US CERT AA24-290A (Iranian Cyber Actors) | ||
Details | Website | 2024-10-16 | 108 | Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations | CISA | ||
Details | Website | 2024-10-11 | 71 | Weekly Intelligence Report - 11 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting | ||
Details | Website | 2024-10-10 | 2 | HTB — Cicada Writeup | ||
Details | Website | 2024-10-10 | 182 | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | CTF导航 | ||
Details | Website | 2024-09-30 | 174 | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | ||
Details | Website | 2024-09-20 | 143 | Twelve: from initial compromise to ransomware and wipers | ||
Details | Website | 2024-09-09 | 33 | Threat Intelligence Report 3rd September – 9th September 2024 | ||
Details | Website | 2024-09-04 | 11 | Reconnaissance Scanning Tools Used by Chinese Threat Actors and Those Available in Open Source | ||
Details | Website | 2024-09-02 | 28 | Threat Intelligence Report 27th August – 2nd September 2024 | ||
Details | Website | 2024-08-30 | 97 | From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users | ||
Details | Website | 2024-08-06 | 3 | BloodHound Operator — Dog Whispering Reloaded | ||
Details | Website | 2024-07-29 | 10 | Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog | ||
Details | Website | 2024-07-02 | 5 | Pentesting results for 2023 | ||
Details | Website | 2024-04-17 | 26 | Threat Group FIN7 Targets the U.S. Automotive Industry | ||
Details | Website | 2024-04-01 | 124 | From OneNote to RansomNote: An Ice Cold Intrusion | ||
Details | Website | 2024-03-18 | 96 | Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | ||
Details | Website | 2024-01-29 | 115 | Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours | ||
Details | Website | 2024-01-04 | 63 | Evaluating Yourself Using ATT&CK (APT3, Second Scenario) | ||
Details | Website | 2023-12-06 | 198 | Russia/Ukraine Update - December 2023 |