You're currently viewing ATT&CK Version 16.1 Enterprise and VERIS 1.4.0.
Use of stolen or default authentication credentials (including credential stuffing)
VERIS: action.hacking.variety.Use of stolen creds

Mappings

ATT&CK Version: 16.1
ATT&CK Domain: Enterprise
VERIS: 1.4.0

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1021.007 | Cloud Services |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1021.008 | Direct Cloud VM Connections |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1134.003 | Make and Impersonate Token |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1021 | Remote Services |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1027.007 | Dynamic API Resolution |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1029 | Scheduled Transfer |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1547.004 | Winlogon Helper DLL |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1598.003 | Spearphishing Link |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1560.001 | Archive via Utility |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1583.004 | Server |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1078 | Valid Accounts |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1011.001 | Exfiltration Over Bluetooth |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1550.004 | Web Session Cookie |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1601.002 | Downgrade System Image |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1569.002 | Service Execution |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1133 | External Remote Services |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1134 | Access Token Manipulation |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1654 | Log Enumeration |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1548 | Abuse Elevation Control Mechanism |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1041 | Exfiltration Over C2 Channel |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1187 | Forced Authentication |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1550 | Use Alternate Authentication Material |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1550.001 | Application Access Token |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1550.002 | Pass the Hash |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1550.003 | Pass the Ticket |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1550.004 | Web Session Cookie |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1558 | Steal or Forge Kerberos Tickets |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1558.001 | Golden Ticket |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1558.002 | Silver Ticket |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1558.003 | Kerberoasting |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1558.004 | AS-REP Roasting |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1558.005 | Ccache Files |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1586 | Compromise Accounts |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1586.001 | Social Media Accounts |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1586.002 | Email Accounts |
| action.hacking.variety.Use of stolen creds | Use of stolen or default authentication credentials (including credential stuffing) | related-to | T1558.005 | Ccache Files |