VERIS action.hacking.variety.Use of stolen creds Mappings

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1558.004 Steal or Forge Kerberos Tickets: AS-REP Roasting
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1550.002 Use Alternate Authentication Material: Pass the Hash
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1078 Valid Accounts
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1133 External Remote Services
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1021 Remote Services
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1021.001 Remote Services: Remote Desktop Protocol
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1021.002 Remote Services: SMB/Windows Admin Shares
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1021.003 Remote Services: Distributed Component Object Model
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1021.004 Remote Services: SSH
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1021.005 Remote Services: VNC
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1021.006 Remote Services: Windows Remote Management
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1078.001 Valid Accounts: Default Accounts
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1078.002 Valid Accounts: Domain Accounts
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1078.003 Valid Accounts: Local Accounts
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1078.004 Valid Accounts: Cloud Accounts
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1134 Access Token Manipulation
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1134.001 Access Token Manipulation: Token Impersonation/Theft
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1134.002 Access Token Manipulation: Create Process with Token
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1134.003 Access Token Manipulation: Make and Impersonate Token
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1134.004 Access Token Manipulation: Parent PID Spoofing
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1134.005 Access Token Manipulation: SID-History Injection
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1550 Use Alternate Authentication Material
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1550.001 Use Alternate Authentication Material: Application Access Token
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1550.003 Use Alternate Authentication Material: Pass the Ticket
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1550.004 Use Alternate Authentication Material: Web Session Cookies
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1558 Steal or Forge Kerberos Tickets
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1558.001 Steal or Forge Kerberos Tickets: Golden Ticket
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1558.002 Steal or Forge Kerberos Tickets: Silver Ticket
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1558.003 Steal or Forge Kerberos Tickets: Kerberoasting
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1586 Compromise Account
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1586.001 Compromise Account: Social Media Accounts
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1586.002 Compromise Account: Email Accounts