Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db)

Changes made to an Active Directory object (e.g., Windows EID 5163 or 5136)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) | Attack Pattern | Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | 1 |
| Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) | Attack Pattern | Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | 1 |
| Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) | Attack Pattern | Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | 1 |
| Account Access Removal - T1531 (b24e2a20-3b3d-4bf0-823b-1ed765398fb0) | Attack Pattern | Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | 1 |
| SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) | Attack Pattern | Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | 1 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) | Attack Pattern | 1 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) | Attack Pattern | Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | 1 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) | Attack Pattern | 1 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) | Attack Pattern | 1 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) | Attack Pattern | 1 |
| Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) | Attack Pattern | Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | 1 |
| Conditional Access Policies - T1556.009 (ceaeb6d8-95ee-4da2-9d42-dc6aa6ca43ae) | Attack Pattern | Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | 1 |
| Reversible Encryption - T1556.005 (d50955c2-272d-4ac8-95da-10c29dda1c48) | Attack Pattern | Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | 1 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) | Attack Pattern | 1 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) | Attack Pattern | 1 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) | Attack Pattern | Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | 1 |
| Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) | Attack Pattern | Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | 1 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) | Attack Pattern | 1 |
| Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) | Attack Pattern | SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) | Attack Pattern | 2 |
| File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) | Attack Pattern | Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) | Attack Pattern | 2 |
| Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) | Attack Pattern | Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) | Attack Pattern | 2 |
| Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) | Attack Pattern | Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) | Attack Pattern | 2 |
| Conditional Access Policies - T1556.009 (ceaeb6d8-95ee-4da2-9d42-dc6aa6ca43ae) | Attack Pattern | Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) | Attack Pattern | 2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) | Attack Pattern | Reversible Encryption - T1556.005 (d50955c2-272d-4ac8-95da-10c29dda1c48) | Attack Pattern | 2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) | Attack Pattern | Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) | Attack Pattern | 2 |
| Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) | Attack Pattern | Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) | Attack Pattern | 2 |