Common Information
Type | Value |
---|---|
Value | Domain Account - T1136.002 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may create a domain account to maintain access to victim systems. Domain accounts are those managed by Active Directory Domain Services where access and permissions are configured across systems and services that are part of that domain. Domain accounts can cover user, administrator, and service accounts. With a sufficient level of access, the `net user /add /domain` command can be used to create a domain account. (Citation: Savill 1999) Such accounts may be used to establish secondary credentialed access that does not require persistent remote access tools to be deployed on the system. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2022-03-19 | 86 | LockBit Ransomware v2.0 | ||
Details | Website | 2022-02-24 | 123 | Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks | CISA | ||
Details | Website | 2022-01-10 | 15 | Domain Escalation – sAMAccountName Spoofing | ||
Details | Website | 2022-01-01 | 29 | Threat Report | ||
Details | Website | 2022-01-01 | 48 | MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege: May 13, 2014 | ||
Details | Website | 2021-12-14 | 56 | Tropic Trooper Targets Transportation and Government Organizations | ||
Details | Website | 2021-11-29 | 160 | CONTInuing the Bazar Ransomware Story | ||
Details | Website | 2021-10-20 | 10 | Windows Exploitation Tricks: Relaying DCOM Authentication | ||
Details | Website | 2021-10-15 | 2 | Memory Forensics R&D Illustrated: Detecting Mimikatz's Skeleton Key Attack | ||
Details | Website | 2021-09-21 | 81 | Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage | ||
Details | Website | 2021-08-07 | 6 | Advance persistent threat - Lateral movement detection in Windows infrastructure - Part II | Infosec Resources | ||
Details | Website | 2021-07-28 | 10 | Phases of a Post-Intrusion Ransomware Attack | ||
Details | Website | 2021-07-10 | 106 | Common Tools & Techniques Used By Threat Actors and Malware — Part I | ||
Details | Website | 2021-06-20 | 107 | From Word to Lateral Movement in 1 Hour | ||
Details | Website | 2021-06-15 | 53 | Handy guide to a new Fivehands ransomware variant | ||
Details | Website | 2021-05-29 | 114 | Attacking Active Directory: 0 to 0.9 | zer1t0 | ||
Details | Website | 2021-05-17 | 14 | Case Study: Incident Response is a relationship-driven business | ||
Details | Website | 2021-05-14 | 58 | DarkSide Ransomware Victims Sold Short | McAfee Blog | ||
Details | Website | 2021-05-11 | 155 | DARKSIDE Ransomware | Shining a Light on Their Operations | ||
Details | Website | 2021-05-10 | 95 | — | ||
Details | Website | 2021-03-05 | 82 | Earth Vetala MuddyWater Continues to Target Organizations in the Middle East | ||
Details | Website | 2021-02-03 | 34 | MTR casebook: Uncovering a backdoor implant in a SolarWinds Orion server | ||
Details | Website | 2021-01-12 | 216 | Abusing cloud services to fly under the radar | ||
Details | Website | 2021-01-12 | 50 | Making Clouds Rain :: Remote Code Execution in Microsoft Office 365 |