Adversaries may obtain and abuse credentials of a domain account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.(Citation: TechNet Credential Theft) Domain accounts are those managed by Active Directory Domain Services where access and permissions are configured across systems and services that are part of that domain. Domain accounts can cover users, administrators, and services.(Citation: Microsoft AD Accounts)
Adversaries may compromise domain accounts, some with a high level of privileges, through various means such as OS Credential Dumping or password reuse, allowing access to privileged resources of the domain.
View in MITRE ATT&CK®Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
AC-02 | Account Management | Protects | T1078.002 | Domain Accounts |
AC-20 | Use of External Systems | Protects | T1078.002 | Domain Accounts |
AC-03 | Access Enforcement | Protects | T1078.002 | Domain Accounts |
AC-05 | Separation of Duties | Protects | T1078.002 | Domain Accounts |
AC-06 | Least Privilege | Protects | T1078.002 | Domain Accounts |
AC-07 | Unsuccessful Logon Attempts | Protects | T1078.002 | Domain Accounts |
CM-05 | Access Restrictions for Change | Protects | T1078.002 | Domain Accounts |
CM-06 | Configuration Settings | Protects | T1078.002 | Domain Accounts |
IA-12 | Identity Proofing | Protects | T1078.002 | Domain Accounts |
IA-02 | Identification and Authentication (organizational Users) | Protects | T1078.002 | Domain Accounts |
IA-05 | Authenticator Management | Protects | T1078.002 | Domain Accounts |
SI-04 | System Monitoring | Protects | T1078.002 | Domain Accounts |