EXPLORE

← Back to Explore

T1136.002

Domain Account

Adversaries may create a domain account to maintain access to victim systems. Domain accounts are those managed by Active Directory Domain Services where access and permissions are configured across systems and services that are part of that domain. Domain accounts can cover user, administrator, and service accounts. With a sufficient level of access, the <code>net user /add /domain</code> command can be used to create a domain account.(Citation: Savill 1999) Such accounts may be used to establ...

LinuxmacOSWindows

9

Detections

3

Sources

5

Threat Actors

BY SOURCE

4splunk_escu3sigma2elastic

PROCEDURES (8)

Bypass2 detections

Auto-extracted: 2 detections for bypass

File Monitoring1 detections

Auto-extracted: 1 detections for file monitoring

Authentication Monitoring1 detections

Auto-extracted: 1 detections for authentication monitoring

Process Creation Monitoring1 detections

Auto-extracted: 1 detections for process creation monitoring

Bypass1 detections

Auto-extracted: 1 detections for bypass

Privilege1 detections

Auto-extracted: 1 detections for privilege

Service1 detections

Auto-extracted: 1 detections for service

Service1 detections

Auto-extracted: 1 detections for service

THREAT ACTORS (5)

BlackByte GALLIUM HAFNIUM Medusa Group Wizard Spider

DETECTIONS (9)

dMSA Account Creation by an Unusual User

Manipulation of User Computer or Group Security Principals Across AD

PSEXEC Remote Execution File Artefact

Suspicious Windows ANONYMOUS LOGON Local Account Created

User Account Creation

Windows ESX Admins Group Creation Security Event

Windows ESX Admins Group Creation via Net

Windows ESX Admins Group Creation via PowerShell

Windows Privileged Group Modification