Account Manipulation
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems. Account manipulation may consist of any action that preserves or modifies adversary access to a compromised account, such as modifying credentials or permission groups.(Citation: FireEye SMOKEDHAM June 2021) These actions could also include account activity designed to subvert security policies, such as performing iterative password updates to bypass password duration policies and preserve the life of compro...
BY SOURCE
PROCEDURES (81)
Auto-extracted: 17 detections for privilege
Auto-extracted: 11 detections for persist
Auto-extracted: 11 detections for general monitoring
Auto-extracted: 10 detections for cloud
Auto-extracted: 8 detections for azure
Auto-extracted: 7 detections for unusual
Auto-extracted: 6 detections for api
Auto-extracted: 4 detections for suspicious
Auto-extracted: 4 detections for service
Auto-extracted: 4 detections for authentication monitoring
Auto-extracted: 4 detections for process creation monitoring
Auto-extracted: 4 detections for token
Auto-extracted: 4 detections for credential
Auto-extracted: 3 detections for kerbero
Auto-extracted: 3 detections for exfiltrat
Auto-extracted: 3 detections for event log
Auto-extracted: 3 detections for persist
Auto-extracted: 3 detections for bypass
Auto-extracted: 2 detections for impersonat
Auto-extracted: 2 detections for dns
Auto-extracted: 2 detections for saml
Auto-extracted: 2 detections for lateral
Auto-extracted: 2 detections for oauth
Auto-extracted: 2 detections for lateral
Auto-extracted: 2 detections for c2
Auto-extracted: 2 detections for aws
Auto-extracted: 2 detections for exfiltrat
Auto-extracted: 2 detections for kubernetes
Auto-extracted: 2 detections for oauth
Auto-extracted: 2 detections for container
Auto-extracted: 2 detections for dcsync
Auto-extracted: 2 detections for aws
Auto-extracted: 1 detections for service
Auto-extracted: 1 detections for email
Auto-extracted: 1 detections for phish
Auto-extracted: 1 detections for service
Auto-extracted: 1 detections for powershell
Auto-extracted: 1 detections for suspicious
Auto-extracted: 1 detections for token
Auto-extracted: 1 detections for privilege
Auto-extracted: 1 detections for service
Auto-extracted: 1 detections for suspicious
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for remote
Auto-extracted: 1 detections for network connection monitoring
Auto-extracted: 1 detections for privilege
Auto-extracted: 1 detections for service
Auto-extracted: 1 detections for event log
Auto-extracted: 1 detections for suspicious
Auto-extracted: 1 detections for unusual
Auto-extracted: 1 detections for bypass
Auto-extracted: 1 detections for token
Auto-extracted: 1 detections for remote
Auto-extracted: 1 detections for powershell
Auto-extracted: 1 detections for api
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for unusual
Auto-extracted: 1 detections for bypass
Auto-extracted: 1 detections for cloud monitoring
Auto-extracted: 1 detections for dns
Auto-extracted: 1 detections for dns
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for persist
Auto-extracted: 1 detections for remote
Auto-extracted: 1 detections for token
Auto-extracted: 1 detections for azure
Auto-extracted: 1 detections for impersonat
Auto-extracted: 1 detections for persist
Auto-extracted: 1 detections for bypass
Auto-extracted: 1 detections for azure
Auto-extracted: 1 detections for persist
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for token
Auto-extracted: 1 detections for azure
Auto-extracted: 1 detections for email
Auto-extracted: 1 detections for cloud
Auto-extracted: 1 detections for cloud
Auto-extracted: 1 detections for api
Auto-extracted: 1 detections for container
Auto-extracted: 1 detections for kerbero
Auto-extracted: 1 detections for kubernetes