You're currently viewing ATT&CK Version 9.0 Enterprise and VERIS 1.3.5.
Use of stolen authentication credentials (including credential stuffing)
VERIS
action.hacking.variety.Use of stolen creds
Mappings
ATT&CK Version: 9.0
ATT&CK Domain: Enterprise
VERIS: 1.3.5
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1558.004 | Steal or Forge Kerberos Tickets: AS-REP Roasting |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1550.002 | Use Alternate Authentication Material: Pass the Hash |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1078 | Valid Accounts |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1133 | External Remote Services |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1021 | Remote Services |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1021.001 | Remote Services: Remote Desktop Protocol |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1021.002 | Remote Services: SMB/Windows Admin Shares |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1021.003 | Remote Services: Distributed Component Object Model |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1021.004 | Remote Services: SSH |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1021.005 | Remote Services: VNC |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1021.006 | Remote Services: Windows Remote Management |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1078.001 | Valid Accounts: Default Accounts |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1078.002 | Valid Accounts: Domain Accounts |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1078.003 | Valid Accounts: Local Accounts |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1078.004 | Valid Accounts: Cloud Accounts |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1134 | Access Token Manipulation |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1134.001 | Access Token Manipulation: Token Impersonation/Theft |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1134.002 | Access Token Manipulation: Create Process with Token |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1134.003 | Access Token Manipulation: Make and Impersonate Token |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1134.004 | Access Token Manipulation: Parent PID Spoofing |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1134.005 | Access Token Manipulation: SID-History Injection |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1550 | Use Alternate Authentication Material |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1550.001 | Use Alternate Authentication Material: Application Access Token |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1550.003 | Use Alternate Authentication Material: Pass the Ticket |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1550.004 | Use Alternate Authentication Material: Web Session Cookies |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1558 | Steal or Forge Kerberos Tickets |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1558.001 | Steal or Forge Kerberos Tickets: Golden Ticket |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1558.002 | Steal or Forge Kerberos Tickets: Silver Ticket |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1558.003 | Steal or Forge Kerberos Tickets: Kerberoasting |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1586 | Compromise Account |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1586.001 | Compromise Account: Social Media Accounts |
| action.hacking.variety.Use of stolen creds | Use of stolen authentication credentials (including credential stuffing) | related-to | T1586.002 | Compromise Account: Email Accounts |