Account Manipulation - T1098
(ATT&CK® Technique)
Definition
No definition available.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR;

    %% D3FEND inferred-relationship graph for ATT&CK T1098 (Account Manipulation).
    %% Solid edges (-->) relate a technique to a digital artifact.
    %% Dotted edges (-.->) are the "May ..." links from a defensive technique to T1098.
    %% Given the page heading they appear to be inferred from a shared artifact, so read
    %% them as candidate countermeasures to validate, not as confirmed coverage.
    %% Each node is labelled, classed and linked once and later edges refer to it by id.
    %% Edge order is kept as published.

    %% --- Offensive technique and the artifacts it creates, modifies or produces ---
    T1098["Account Manipulation"] --> |creates| Credential["Credential"];
    T1098 --> |modifies| UserAccount["User Account"];
    T1098 --> |modifies| DomainUserAccount["Domain User Account"];
    T1098 --> |modifies| GlobalUserAccount["Global User Account"];
    T1098 --> |produces| IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"];
    class T1098 OffensiveTechniqueNode;
    class Credential ArtifactNode;
    class UserAccount ArtifactNode;
    class DomainUserAccount ArtifactNode;
    class GlobalUserAccount ArtifactNode;
    class IntranetAdministrativeNetworkTraffic ArtifactNode;
    click T1098 href "/offensive-technique/attack/T1098/";
    click Credential href "/dao/artifact/d3f:Credential";
    click UserAccount href "/dao/artifact/d3f:UserAccount";
    click DomainUserAccount href "/dao/artifact/d3f:DomainUserAccount";
    click GlobalUserAccount href "/dao/artifact/d3f:GlobalUserAccount";
    click IntranetAdministrativeNetworkTraffic href "/dao/artifact/d3f:IntranetAdministrativeNetworkTraffic";

    %% --- Detect: techniques that analyze intranet administrative network traffic ---
    ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] --> | analyzes | IntranetAdministrativeNetworkTraffic;
    ProtocolMetadataAnomalyDetection -.-> | May Detect | T1098;
    class ProtocolMetadataAnomalyDetection DefensiveTechniqueNode;
    click ProtocolMetadataAnomalyDetection href "/technique/d3f:ProtocolMetadataAnomalyDetection";

    RemoteTerminalSessionDetection["Remote Terminal Session Detection"] --> | analyzes | IntranetAdministrativeNetworkTraffic;
    RemoteTerminalSessionDetection -.-> | May Detect | T1098;
    class RemoteTerminalSessionDetection DefensiveTechniqueNode;
    click RemoteTerminalSessionDetection href "/technique/d3f:RemoteTerminalSessionDetection";

    NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] --> | analyzes | IntranetAdministrativeNetworkTraffic;
    NetworkTrafficCommunityDeviation -.-> | May Detect | T1098;
    class NetworkTrafficCommunityDeviation DefensiveTechniqueNode;
    click NetworkTrafficCommunityDeviation href "/technique/d3f:NetworkTrafficCommunityDeviation";

    PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic;
    PerHostDownload-UploadRatioAnalysis -.-> | May Detect | T1098;
    class PerHostDownload-UploadRatioAnalysis DefensiveTechniqueNode;
    click PerHostDownload-UploadRatioAnalysis href "/technique/d3f:PerHostDownload-UploadRatioAnalysis";

    AdministrativeNetworkActivityAnalysis["Administrative Network Activity Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic;
    AdministrativeNetworkActivityAnalysis -.-> | May Detect | T1098;
    class AdministrativeNetworkActivityAnalysis DefensiveTechniqueNode;
    click AdministrativeNetworkActivityAnalysis href "/technique/d3f:AdministrativeNetworkActivityAnalysis";

    ConnectionAttemptAnalysis["Connection Attempt Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic;
    ConnectionAttemptAnalysis -.-> | May Detect | T1098;
    class ConnectionAttemptAnalysis DefensiveTechniqueNode;
    click ConnectionAttemptAnalysis href "/technique/d3f:ConnectionAttemptAnalysis";

    Client-serverPayloadProfiling["Client-server Payload Profiling"] --> | analyzes | IntranetAdministrativeNetworkTraffic;
    Client-serverPayloadProfiling -.-> | May Detect | T1098;
    class Client-serverPayloadProfiling DefensiveTechniqueNode;
    click Client-serverPayloadProfiling href "/technique/d3f:Client-serverPayloadProfiling";

    UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic;
    UserGeolocationLogonPatternAnalysis -.-> | May Detect | T1098;
    class UserGeolocationLogonPatternAnalysis DefensiveTechniqueNode;
    click UserGeolocationLogonPatternAnalysis href "/technique/d3f:UserGeolocationLogonPatternAnalysis";

    %% --- Detect: techniques anchored on the credential and account artifacts ---
    %% Domain Account Monitoring is the only detection edge onto an account artifact in this
    %% graph, and it covers the Global and Domain User Account nodes but not the generic
    %% User Account node.
    CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] --> | analyzes | Credential;
    CredentialCompromiseScopeAnalysis -.-> | May Detect | T1098;
    class CredentialCompromiseScopeAnalysis DefensiveTechniqueNode;
    click CredentialCompromiseScopeAnalysis href "/technique/d3f:CredentialCompromiseScopeAnalysis";

    DomainAccountMonitoring["Domain Account Monitoring"] --> | monitors | GlobalUserAccount;
    DomainAccountMonitoring -.-> | May Detect | T1098;
    DomainAccountMonitoring --> | monitors | DomainUserAccount;
    class DomainAccountMonitoring DefensiveTechniqueNode;
    click DomainAccountMonitoring href "/technique/d3f:DomainAccountMonitoring";

    %% --- Deceive ---
    DecoyUserCredential["Decoy User Credential"] --> | spoofs | Credential;
    DecoyUserCredential -.-> | May Deceive | T1098;
    class DecoyUserCredential DefensiveTechniqueNode;
    click DecoyUserCredential href "/technique/d3f:DecoyUserCredential";

    %% --- Evict ---
    AccountLocking["Account Locking"] --> | disables | DomainUserAccount;
    AccountLocking -.-> | May Evict | T1098;
    class AccountLocking DefensiveTechniqueNode;
    click AccountLocking href "/technique/d3f:AccountLocking";

    CredentialRevoking["Credential Revoking"] --> | deletes | Credential;
    CredentialRevoking -.-> | May Evict | T1098;
    class CredentialRevoking DefensiveTechniqueNode;
    click CredentialRevoking href "/technique/d3f:CredentialRevoking";

    %% Account Locking, remaining account artifacts
    AccountLocking --> | disables | UserAccount;
    AccountLocking --> | disables | GlobalUserAccount;

    AuthenticationCacheInvalidation["Authentication Cache Invalidation"] --> | deletes | Credential;
    AuthenticationCacheInvalidation -.-> | May Evict | T1098;
    class AuthenticationCacheInvalidation DefensiveTechniqueNode;
    click AuthenticationCacheInvalidation href "/technique/d3f:AuthenticationCacheInvalidation";

    %% --- Harden ---
    BiometricAuthentication["Biometric Authentication"] --> | authenticates | UserAccount;
    BiometricAuthentication -.-> | May Harden | T1098;
    BiometricAuthentication --> | authenticates | DomainUserAccount;
    BiometricAuthentication --> | authenticates | GlobalUserAccount;
    class BiometricAuthentication DefensiveTechniqueNode;
    click BiometricAuthentication href "/technique/d3f:BiometricAuthentication";

    StrongPasswordPolicy["Strong Password Policy"] --> | strengthens | UserAccount;
    StrongPasswordPolicy -.-> | May Harden | T1098;
    StrongPasswordPolicy --> | strengthens | DomainUserAccount;
    StrongPasswordPolicy --> | strengthens | GlobalUserAccount;
    class StrongPasswordPolicy DefensiveTechniqueNode;
    click StrongPasswordPolicy href "/technique/d3f:StrongPasswordPolicy";

    Multi-factorAuthentication["Multi-factor Authentication"] --> | authenticates | DomainUserAccount;
    Multi-factorAuthentication -.-> | May Harden | T1098;
    Multi-factorAuthentication --> | authenticates | GlobalUserAccount;
    Multi-factorAuthentication --> | authenticates | UserAccount;
    class Multi-factorAuthentication DefensiveTechniqueNode;
    click Multi-factorAuthentication href "/technique/d3f:Multi-factorAuthentication";

    One-timePassword["One-time Password"] --> | authenticates | DomainUserAccount;
    One-timePassword -.-> | May Harden | T1098;
    class One-timePassword DefensiveTechniqueNode;
    click One-timePassword href "/technique/d3f:One-timePassword";

    CredentialTransmissionScoping["Credential Transmission Scoping"] --> | restricts | Credential;
    CredentialTransmissionScoping -.-> | May Harden | T1098;
    class CredentialTransmissionScoping DefensiveTechniqueNode;
    click CredentialTransmissionScoping href "/technique/d3f:CredentialTransmissionScoping";

    %% One-time Password, remaining account artifacts
    One-timePassword --> | authenticates | GlobalUserAccount;
    One-timePassword --> | authenticates | UserAccount;

    UserAccountPermissions["User Account Permissions"] --> | restricts | UserAccount;
    UserAccountPermissions -.-> | May Harden | T1098;
    UserAccountPermissions --> | restricts | DomainUserAccount;
    UserAccountPermissions --> | restricts | GlobalUserAccount;
    class UserAccountPermissions DefensiveTechniqueNode;
    click UserAccountPermissions href "/technique/d3f:UserAccountPermissions";

    CredentialRotation["Credential Rotation"] --> | regenerates | Credential;
    CredentialRotation -.-> | May Harden | T1098;
    class CredentialRotation DefensiveTechniqueNode;
    click CredentialRotation href "/technique/d3f:CredentialRotation";

    %% --- Isolate ---
    NetworkTrafficFiltering["Network Traffic Filtering"] --> | filters | IntranetAdministrativeNetworkTraffic;
    NetworkTrafficFiltering -.-> | May Isolate | T1098;
    class NetworkTrafficFiltering DefensiveTechniqueNode;
    click NetworkTrafficFiltering href "/technique/d3f:NetworkTrafficFiltering";

    %% --- Restore ---
    RestoreUserAccountAccess["Restore User Account Access"] --> | restores | GlobalUserAccount;
    RestoreUserAccountAccess -.-> | May Restore | T1098;
    RestoreUserAccountAccess --> | restores | UserAccount;
    RestoreUserAccountAccess --> | restores | DomainUserAccount;
    class RestoreUserAccountAccess DefensiveTechniqueNode;
    click RestoreUserAccountAccess href "/technique/d3f:RestoreUserAccountAccess";

    ReissueCredential["Reissue Credential"] --> | restores | Credential;
    ReissueCredential -.-> | May Restore | T1098;
    class ReissueCredential DefensiveTechniqueNode;
    click ReissueCredential href "/technique/d3f:ReissueCredential";

    UnlockAccount["Unlock Account"] --> | restores | DomainUserAccount;
    UnlockAccount -.-> | May Restore | T1098;
    UnlockAccount --> | restores | GlobalUserAccount;
    UnlockAccount --> | restores | UserAccount;
    class UnlockAccount DefensiveTechniqueNode;
    click UnlockAccount href "/technique/d3f:UnlockAccount";