| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Additional Cloud Roles - T1098.003 (2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Account Access Removal - T1531 (b24e2a20-3b3d-4bf0-823b-1ed765398fb0) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
DNS Server - T1584.002 (c2f59d25-87fe-44aa-8f83-e8e59d077bf5) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Create Cloud Instance - T1578.002 (cf1c2504-433f-4c4e-a1f8-91de45a0318c) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Purchase Technical Data - T1597.002 (0a241b6c-7bb2-48f9-98f7-128145b4d27f) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Impersonation - T1656 (c9e0c59e-162e-40a4-b8b1-78fab4329ada) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Delete Cloud Instance - T1578.003 (70857657-bd0b-4695-ad3e-b13f92cac1b4) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Code Repositories - T1593.003 (70910fbd-58dc-4c1c-8c48-814d11fcd022) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Identify Roles - T1591.004 (cc723aff-ec88-40e3-a224-5af9fd983cc4) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
Multi-Factor Authentication Interception - T1111 (dd43c543-bb85-4a6f-aa6e-160d90d06a49) |
Attack Pattern |
1 |
| LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7) |
Intrusion Set |
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
1 |
| Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) |
Tool |
2 |
| LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) |
Attack Pattern |
2 |
| Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) |
Attack Pattern |
2 |
| Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
2 |
| Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) |
Attack Pattern |
2 |
| DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) |
Attack Pattern |
2 |
| Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) |
Attack Pattern |
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) |
Attack Pattern |
2 |
| Additional Cloud Roles - T1098.003 (2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3) |
Attack Pattern |
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) |
Attack Pattern |
2 |
| Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) |
Attack Pattern |
Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) |
Attack Pattern |
2 |
| Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) |
Attack Pattern |
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) |
Attack Pattern |
2 |
| Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) |
Attack Pattern |
Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e) |
Attack Pattern |
2 |
| NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) |
Attack Pattern |
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) |
Attack Pattern |
2 |
| DNS Server - T1584.002 (c2f59d25-87fe-44aa-8f83-e8e59d077bf5) |
Attack Pattern |
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) |
Attack Pattern |
2 |
| Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) |
Attack Pattern |
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) |
Attack Pattern |
2 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) |
Attack Pattern |
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) |
Attack Pattern |
2 |
| Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f) |
Attack Pattern |
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) |
Attack Pattern |
2 |
| Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) |
Attack Pattern |
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
2 |
| Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) |
Attack Pattern |
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) |
Attack Pattern |
2 |
| Modify Cloud Compute Infrastructure - T1578 (144e007b-e638-431d-a894-45d90c54ab90) |
Attack Pattern |
Create Cloud Instance - T1578.002 (cf1c2504-433f-4c4e-a1f8-91de45a0318c) |
Attack Pattern |
2 |
| Search Closed Sources - T1597 (a51eb150-93b1-484b-a503-e51453b127a4) |
Attack Pattern |
Purchase Technical Data - T1597.002 (0a241b6c-7bb2-48f9-98f7-128145b4d27f) |
Attack Pattern |
2 |
| Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) |
Attack Pattern |
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
2 |
| Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289) |
Attack Pattern |
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) |
Attack Pattern |
2 |
| Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) |
Attack Pattern |
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) |
Attack Pattern |
2 |
| Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) |
Attack Pattern |
2 |
| Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) |
Attack Pattern |
Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) |
Attack Pattern |
2 |
| Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) |
Attack Pattern |
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) |
Attack Pattern |
2 |
| Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) |
Attack Pattern |
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) |
Attack Pattern |
2 |
| Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) |
Attack Pattern |
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) |
Attack Pattern |
2 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
2 |
| Modify Cloud Compute Infrastructure - T1578 (144e007b-e638-431d-a894-45d90c54ab90) |
Attack Pattern |
Delete Cloud Instance - T1578.003 (70857657-bd0b-4695-ad3e-b13f92cac1b4) |
Attack Pattern |
2 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) |
Attack Pattern |
2 |
| Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) |
Attack Pattern |
Code Repositories - T1593.003 (70910fbd-58dc-4c1c-8c48-814d11fcd022) |
Attack Pattern |
2 |
| Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) |
Attack Pattern |
Identify Roles - T1591.004 (cc723aff-ec88-40e3-a224-5af9fd983cc4) |
Attack Pattern |
2 |
| Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) |
Attack Pattern |
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
3 |
| MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) |
Malpedia |
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) |
Tool |
3 |
| LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
3 |
| SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) |
Attack Pattern |
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) |
Attack Pattern |
3 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) |
Attack Pattern |
3 |
| Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) |
Attack Pattern |
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) |
Attack Pattern |
3 |
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
3 |
| Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) |
Attack Pattern |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
3 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) |
Attack Pattern |
3 |
| LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
3 |
| Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) |
Attack Pattern |
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) |
Attack Pattern |
3 |
| Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
3 |