ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
Known Exploited Vulnerabilities
Google Cloud Platform (GCP)
Intel vPro
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 16.1 Enterprise and VERIS 1.4.0.
Change versions here.
Home
Mapping Frameworks
VERIS Home
Use of stolen or default authentication credentials (including credential stuffing)
VERIS
action.hacking.variety.Use of stolen creds
Mappings
Mappings
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
VERIS
1.4.0
Change Versions
Capability ID
Capability Description
Mapping Type
ATT&CK ID
ATT&CK Name
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1021
Remote Services
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1021.001
Remote Services: Remote Desktop Protocol
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1021.002
Remote Services: SMB/Windows Admin Shares
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1021.003
Remote Services: Distributed Component Object Model
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1021.004
Remote Services: SSH
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1021.005
Remote Services: VNC
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1021.006
Remote Services: Windows Remote Management
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1021.007
Cloud Services
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1021.008
Direct Cloud VM Connections
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1078
Valid Accounts
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1078.001
Valid Accounts: Default Accounts
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1078.002
Valid Accounts: Domain Accounts
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1078.003
Valid Accounts: Local Accounts
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1078.004
Valid Accounts: Cloud Accounts
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1133
External Remote Services
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1134
Access Token Manipulation
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1134.001
Access Token Manipulation: Token Impersonation/Theft
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1134.002
Access Token Manipulation: Create Process with Token
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1134.003
Access Token Manipulation: Make and Impersonate Token
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1134.004
Access Token Manipulation: Parent PID Spoofing
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1134.005
Access Token Manipulation: SID-History Injection
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1550
Use Alternate Authentication Material
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1550.001
Use Alternate Authentication Material: Application Access Token
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1550.002
Use Alternate Authentication Material: Pass the Hash
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1550.003
Use Alternate Authentication Material: Pass the Ticket
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1550.004
Use Alternate Authentication Material:Web Session Cookie
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1558
Steal or Forge Kerberos Tickets
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1558.001
Steal or Forge Kerberos Tickets: Golden Ticket
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1558.002
Steal or Forge Kerberos Tickets: Silver Ticket
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1558.003
Steal or Forge Kerberos Tickets: Kerberoasting
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1558.004
Steal or Forge Kerberos Tickets: AS-REP Roasting
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1558.005
Steal or Forge Kerberos Tickets: Ccache Files
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1586
Compromise Account
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1586.001
Compromise Account: Social Media Accounts
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1586.002
Compromise Account: Email Accounts
action.hacking.variety.Use of stolen creds
Use of stolen or default authentication credentials (including credential stuffing)
related-to
T1558.005
Steal or Forge Kerberos Tickets: Ccache Files
