Skip to content

Hide Navigation Hide TOC

Skeleton Key - S0007 (89f63ae4-f229-4a5c-95ad-6f22ed2b5c49)

Skeleton Key is malware used to inject false credentials into domain controllers with the intent of creating a backdoor password. (Citation: Dell Skeleton) Functionality similar to Skeleton Key is included as a module in Mimikatz.

Cluster A Galaxy A Cluster B Galaxy B Level
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) Attack Pattern Skeleton Key - S0007 (89f63ae4-f229-4a5c-95ad-6f22ed2b5c49) Malware 1
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) Attack Pattern Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 2