Skip to content

Hide Navigation Hide TOC

Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d)

A Credential created for the purpose of deceiving an adversary.

Cluster A Galaxy A Cluster B Galaxy B Level
Keychain - T1142 (9e09ddb2-1746-4448-9cad-7f8b41777d6d) Attack Pattern Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 1
Decoy User Credential (9a7bed7b-0baa-5232-b24f-de436702894d) MITRE D3FEND Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 1
Keychain - T1142 (9e09ddb2-1746-4448-9cad-7f8b41777d6d) Attack Pattern Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 2
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 2
Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 2
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 2
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 2
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 2
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 2
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 3