Skip to content

Hide Navigation Hide TOC

User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77)

Changes made to an account, such as permissions and/or membership in specific groups (ex: Windows EID 4738 or /var/log access/authentication logs)

Cluster A Galaxy A Cluster B Galaxy B Level
Disable or Modify Cloud Logs - T1562.008 (cacc40da-4c9e-462c-80d5-fd70a178b12d) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 1
Account Access Removal - T1531 (b24e2a20-3b3d-4bf0-823b-1ed765398fb0) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 1
User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern 1
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 1
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 1
User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 1
User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) Attack Pattern 1
Additional Cloud Roles - T1098.003 (2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 1
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 1
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 1
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 1
User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component Temporary Elevated Cloud Access - T1548.005 (6fa224c7-5091-4595-bf15-3fc9fe2f2c7c) Attack Pattern 1
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 1
Additional Container Cluster Roles - T1098.006 (35d30338-5bfa-41b0-a170-ec06dfd75f64) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 1
Disable or Modify Cloud Logs - T1562.008 (cacc40da-4c9e-462c-80d5-fd70a178b12d) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) Attack Pattern 2
Additional Cloud Roles - T1098.003 (2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Temporary Elevated Cloud Access - T1548.005 (6fa224c7-5091-4595-bf15-3fc9fe2f2c7c) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Container Cluster Roles - T1098.006 (35d30338-5bfa-41b0-a170-ec06dfd75f64) Attack Pattern 2