Valid Accounts (T1078)

View on ATT&CK

In Playbook

Associated Tactics

  • Defense Evasion
  • Persistence
  • Privilege Escalation
  • Initial Access

Defense Evasion (TA0005)

The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

View on ATT&CK

Procedure Examples

Description Source(s)
Adair, S., Lancaster, T., Volexity Threat Research. (2022, June 15). DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach. Retrieved July 1, 2022. volexity_0day_sophos_FW
Cybersecurity and Infrastructure Security Agency. (2022, March 15). Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. Retrieved March 16, 2022. CISA MFA PrintNightmare
Microsoft. (2016, April 15). Attractive Accounts for Credential Theft. Retrieved June 3, 2016. TechNet Credential Theft
Microsoft. (2016, April 15). Audit Policy Recommendations. Retrieved June 3, 2016. TechNet Audit Policy