Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)
Adversaries may attempt to find domain-level groups and permission settings. The knowledge of domain-level permission groups can help adversaries determine which groups exist and which users belong to a particular group. Adversaries may use this information to determine which users have elevated permissions, such as domain administrators.
Commands such as net group /domain of the Net utility, dscacheutil -q group on macOS, and ldapsearch on Linux can list domain-level groups.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) | Attack Pattern | Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) | Attack Pattern | 1 |