Skip to content

Hide Navigation Hide TOC

User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d)

Initial construction of a new account (ex: Windows EID 4720 or /etc/passwd logs)

Cluster A Galaxy A Cluster B Galaxy B Level
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d) mitre-data-component 1
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d) mitre-data-component 1
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d) mitre-data-component 1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d) mitre-data-component 1
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d) mitre-data-component 1
Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) Attack Pattern User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d) mitre-data-component 1
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d) mitre-data-component 1
User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d) mitre-data-component Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0) Attack Pattern 1
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern 2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 2
Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0) Attack Pattern 2