Common Information
Type | Value |
---|---|
Value | Domain Account - T1136.002 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may create a domain account to maintain access to victim systems. Domain accounts are those managed by Active Directory Domain Services where access and permissions are configured across systems and services that are part of that domain. Domain accounts can cover user, administrator, and service accounts. With a sufficient level of access, the `net user /add /domain` command can be used to create a domain account.(Citation: Savill 1999) Such accounts may be used to establish secondary credentialed access that does not require persistent remote access tools to be deployed on the system. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2021-01-12 | 215 | Abusing cloud services to fly under the radar | ||
Details | Website | 2021-01-11 | 98 | Trickbot Still Alive and Well | ||
Details | Website | 2020-12-26 | 6 | Slack and Velociraptor :: Velociraptor - Digging deeper! | ||
Details | Website | 2020-12-02 | 100 | IcedID Stealer Man-in-the-browser Banking Trojan | ||
Details | Website | 2020-12-02 | 3 | ‘Shadow Academy’ Targets 20 Universities Worldwide | RiskIQ | ||
Details | Website | 2020-09-18 | 15 | U.S. Justice Department Charges APT41 Hackers over Global Cyberattacks | ||
Details | Website | 2020-09-15 | 22 | Iran-Based Threat Actor Exploits VPN Vulnerabilities | CISA | ||
Details | Website | 2020-09-08 | 305 | ShadowPad: new activity from the Winnti group | ||
Details | Website | 2020-07-07 | 7 | Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool | Mandiant | ||
Details | Website | 2020-06-17 | 13 | Varonis Exposes Global Cyber Campaign: C2 Server Actively Compromising Thousands of Victims | ||
Details | Website | 2019-11-14 | 47 | When Kirbi walks the Bifrost | ||
Details | Website | 2019-04-20 | 1 | Exploring, Exploiting Active Directory Pen Test | ||
Details | Website | 2019-04-02 | 12 | ATT&CK Series: Persistence | ||
Details | Website | 2019-03-20 | 42 | Kerberos (I): How does Kerberos work? - Theory | ||
Details | Website | 2019-03-06 | 3 | MachineAccountQuota is USEFUL Sometimes: Exploiting One of Active Directory's Oddest Settings | ||
Details | Website | 2019-02-06 | 7 | Penetration testing of corporate information systems: statistics and findings, 2019 | ||
Details | Website | 2019-01-29 | 5 | It’s Not Always About the Perimeter – A Look at Domain Reconnaissance | ||
Details | Website | 2018-11-26 | 5 | Windows 10 1809 kiosk mode with an AD domain account | ||
Details | Website | 2018-11-06 | 15 | Running PowerShell on Azure VMs at Scale | ||
Details | Website | 2018-07-16 | 0 | Cracking Service Account Passwords with Kerberoasting | ||
Details | Website | 2018-06-27 | 1 | Bypassing SQL Server Logon Trigger Restrictions | ||
Details | Website | 2018-05-31 | 2 | Dumping Active Directory Domain Info - with PowerUpSQL! | ||
Details | Website | 2018-01-26 | 2 | Blockchain. Changing the attackers aim | Pen Test Partners | ||
Details | Website | 2018-01-11 | 0 | Solve the PowerShell multi-hop problem without using CredSSP | ||
Details | Website | 2018-01-08 | 3 | Check Domain Account Expiration Date - Syspanda |