Skip to content

Hide Navigation Hide TOC

User Account - DS0002 (0b4f86ed-f4ab-46a3-8ed1-175be1974da6)

A profile representing a user, device, service, or application used to authenticate and access resources

Cluster A Galaxy A Cluster B Galaxy B Level
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component User Account - DS0002 (0b4f86ed-f4ab-46a3-8ed1-175be1974da6) mitre-data-source 1
User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d) mitre-data-component User Account - DS0002 (0b4f86ed-f4ab-46a3-8ed1-175be1974da6) mitre-data-source 1
User Account Deletion (d6257b8e-869c-41c0-8731-fdca40858a91) mitre-data-component User Account - DS0002 (0b4f86ed-f4ab-46a3-8ed1-175be1974da6) mitre-data-source 1
User Account Metadata (b5d0492b-cda4-421c-8e51-ed2b8d85c5d0) mitre-data-component User Account - DS0002 (0b4f86ed-f4ab-46a3-8ed1-175be1974da6) mitre-data-source 1
User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component User Account - DS0002 (0b4f86ed-f4ab-46a3-8ed1-175be1974da6) mitre-data-source 1
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Cloud Service Dashboard - T1538 (e49920b0-6c54-40c1-9571-73723653205f) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Exploitation for Credential Access - T1212 (9c306d8d-cde7-4b4c-b6e8-d0bb16caca36) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern 2
User Account Authentication (a953ca55-921a-44f7-9b8d-3d40141aa17e) mitre-data-component Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 2
User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d) mitre-data-component Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d) mitre-data-component 2
User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d) mitre-data-component Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 2
User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d) mitre-data-component Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) Attack Pattern 2
User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d) mitre-data-component Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 2
User Account Creation (deb22295-7e37-4a3b-ac6f-c86666fbe63d) mitre-data-component Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 2
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern User Account Deletion (d6257b8e-869c-41c0-8731-fdca40858a91) mitre-data-component 2
Account Access Removal - T1531 (b24e2a20-3b3d-4bf0-823b-1ed765398fb0) Attack Pattern User Account Deletion (d6257b8e-869c-41c0-8731-fdca40858a91) mitre-data-component 2
User Account Deletion (d6257b8e-869c-41c0-8731-fdca40858a91) mitre-data-component Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
User Account Metadata (b5d0492b-cda4-421c-8e51-ed2b8d85c5d0) mitre-data-component SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 2
User Account Metadata (b5d0492b-cda4-421c-8e51-ed2b8d85c5d0) mitre-data-component Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
User Account Metadata (b5d0492b-cda4-421c-8e51-ed2b8d85c5d0) mitre-data-component Reversible Encryption - T1556.005 (d50955c2-272d-4ac8-95da-10c29dda1c48) Attack Pattern 2
User Account Metadata (b5d0492b-cda4-421c-8e51-ed2b8d85c5d0) mitre-data-component Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) Attack Pattern 2
User Account Metadata (b5d0492b-cda4-421c-8e51-ed2b8d85c5d0) mitre-data-component Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 2
User Account Metadata (b5d0492b-cda4-421c-8e51-ed2b8d85c5d0) mitre-data-component Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 2
Disable or Modify Cloud Logs - T1562.008 (cacc40da-4c9e-462c-80d5-fd70a178b12d) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 2
Account Access Removal - T1531 (b24e2a20-3b3d-4bf0-823b-1ed765398fb0) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 2
User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 2
User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 2
User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) Attack Pattern 2
Additional Cloud Roles - T1098.003 (2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 2
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 2
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 2
User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component Temporary Elevated Cloud Access - T1548.005 (6fa224c7-5091-4595-bf15-3fc9fe2f2c7c) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 2
Additional Container Cluster Roles - T1098.006 (35d30338-5bfa-41b0-a170-ec06dfd75f64) Attack Pattern User Account Modification (d27b0089-2c39-4b6c-84ff-303e48657e77) mitre-data-component 2
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern 3
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) Attack Pattern SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) Attack Pattern 3
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 3
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 3
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 3
Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Reversible Encryption - T1556.005 (d50955c2-272d-4ac8-95da-10c29dda1c48) Attack Pattern 3
Disable or Modify Cloud Logs - T1562.008 (cacc40da-4c9e-462c-80d5-fd70a178b12d) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) Attack Pattern 3
Additional Cloud Roles - T1098.003 (2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Temporary Elevated Cloud Access - T1548.005 (6fa224c7-5091-4595-bf15-3fc9fe2f2c7c) Attack Pattern 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Container Cluster Roles - T1098.006 (35d30338-5bfa-41b0-a170-ec06dfd75f64) Attack Pattern 3