Administrative Network Activity Analysis (bbb6dd55-5a7c-576e-8230-8b1b30a0abd7)

Detection of unauthorized use of administrative network protocols by analyzing network activity against a baseline.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) | Attack Pattern | Administrative Network Activity Analysis (bbb6dd55-5a7c-576e-8230-8b1b30a0abd7) | MITRE D3FEND | 1 |
| Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) | Attack Pattern | Administrative Network Activity Analysis (bbb6dd55-5a7c-576e-8230-8b1b30a0abd7) | MITRE D3FEND | 1 |
| Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) | Attack Pattern | Administrative Network Activity Analysis (bbb6dd55-5a7c-576e-8230-8b1b30a0abd7) | MITRE D3FEND | 1 |
| Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) | Attack Pattern | Administrative Network Activity Analysis (bbb6dd55-5a7c-576e-8230-8b1b30a0abd7) | MITRE D3FEND | 1 |
| Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) | Attack Pattern | Administrative Network Activity Analysis (bbb6dd55-5a7c-576e-8230-8b1b30a0abd7) | MITRE D3FEND | 1 |
| DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) | Attack Pattern | Administrative Network Activity Analysis (bbb6dd55-5a7c-576e-8230-8b1b30a0abd7) | MITRE D3FEND | 1 |
| Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) | Attack Pattern | Administrative Network Activity Analysis (bbb6dd55-5a7c-576e-8230-8b1b30a0abd7) | MITRE D3FEND | 1 |
| Administrative Network Activity Analysis (bbb6dd55-5a7c-576e-8230-8b1b30a0abd7) | MITRE D3FEND | Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | 1 |
| Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) | Attack Pattern | Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | 2 |
| Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) | Attack Pattern | Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | 2 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) | Attack Pattern | Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) | Attack Pattern | 2 |
| Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) | Attack Pattern | Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) | Attack Pattern | 2 |
| Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) | Attack Pattern | Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) | Attack Pattern | 2 |
| DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) | Attack Pattern | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 2 |