Esc
Password Spraying - T1110.003
(ATT&CK® Technique)
Definition
No definition available.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR; T1110003["Password Spraying"] --> |accesses| Password["Password"]; class T1110003 OffensiveTechniqueNode; class Password ArtifactNode; click Password href "/dao/artifact/d3f:Password"; click T1110003 href "/offensive-technique/attack/T1110.003/"; click Password href "/dao/artifact/d3f:Password"; T1110003["Password Spraying"] --> |modifies| AuthenticationLog["Authentication Log"]; class T1110003 OffensiveTechniqueNode; class AuthenticationLog ArtifactNode; click AuthenticationLog href "/dao/artifact/d3f:AuthenticationLog"; click T1110003 href "/offensive-technique/attack/T1110.003/"; click AuthenticationLog href "/dao/artifact/d3f:AuthenticationLog"; T1110003["Password Spraying"] --> |may-create| IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; class T1110003 OffensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click IntranetAdministrativeNetworkTraffic href "/dao/artifact/d3f:IntranetAdministrativeNetworkTraffic"; click T1110003 href "/offensive-technique/attack/T1110.003/"; click IntranetAdministrativeNetworkTraffic href "/dao/artifact/d3f:IntranetAdministrativeNetworkTraffic"; T1110003["Password Spraying"] --> |produces| Authentication["Authentication"]; class T1110003 OffensiveTechniqueNode; class Authentication ArtifactNode; click Authentication href "/dao/artifact/d3f:Authentication"; click T1110003 href "/offensive-technique/attack/T1110.003/"; click Authentication href "/dao/artifact/d3f:Authentication"; DecoyUserCredential["Decoy User Credential"] --> | spoofs | Password["Password"]; DecoyUserCredential["Decoy User Credential"] -.-> | May Deceive | T1110003["Password Spraying"] ; class DecoyUserCredential DefensiveTechniqueNode; class Password ArtifactNode; click DecoyUserCredential href "/technique/d3f:DecoyUserCredential"; PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] -.-> | May Detect | T1110003["Password Spraying"] ; class PerHostDownload-UploadRatioAnalysis DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click PerHostDownload-UploadRatioAnalysis href "/technique/d3f:PerHostDownload-UploadRatioAnalysis"; ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] -.-> | May Detect | T1110003["Password Spraying"] ; class ProtocolMetadataAnomalyDetection DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click ProtocolMetadataAnomalyDetection href "/technique/d3f:ProtocolMetadataAnomalyDetection"; AdministrativeNetworkActivityAnalysis["Administrative Network Activity Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; AdministrativeNetworkActivityAnalysis["Administrative Network Activity Analysis"] -.-> | May Detect | T1110003["Password Spraying"] ; class AdministrativeNetworkActivityAnalysis DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click AdministrativeNetworkActivityAnalysis href "/technique/d3f:AdministrativeNetworkActivityAnalysis"; NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] -.-> | May Detect | T1110003["Password Spraying"] ; class NetworkTrafficCommunityDeviation DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click NetworkTrafficCommunityDeviation href "/technique/d3f:NetworkTrafficCommunityDeviation"; Client-serverPayloadProfiling["Client-server Payload Profiling"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; Client-serverPayloadProfiling["Client-server Payload Profiling"] -.-> | May Detect | T1110003["Password Spraying"] ; class Client-serverPayloadProfiling DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click Client-serverPayloadProfiling href "/technique/d3f:Client-serverPayloadProfiling"; ConnectionAttemptAnalysis["Connection Attempt Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; ConnectionAttemptAnalysis["Connection Attempt Analysis"] -.-> | May Detect | T1110003["Password Spraying"] ; class ConnectionAttemptAnalysis DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click ConnectionAttemptAnalysis href "/technique/d3f:ConnectionAttemptAnalysis"; RemoteTerminalSessionDetection["Remote Terminal Session Detection"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; RemoteTerminalSessionDetection["Remote Terminal Session Detection"] -.-> | May Detect | T1110003["Password Spraying"] ; class RemoteTerminalSessionDetection DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click RemoteTerminalSessionDetection href "/technique/d3f:RemoteTerminalSessionDetection"; ResourceAccessPatternAnalysis["Resource Access Pattern Analysis"] --> | analyzes | Authentication["Authentication"]; ResourceAccessPatternAnalysis["Resource Access Pattern Analysis"] -.-> | May Detect | T1110003["Password Spraying"] ; class ResourceAccessPatternAnalysis DefensiveTechniqueNode; class Authentication ArtifactNode; click ResourceAccessPatternAnalysis href "/technique/d3f:ResourceAccessPatternAnalysis"; SessionDurationAnalysis["Session Duration Analysis"] --> | analyzes | Authentication["Authentication"]; SessionDurationAnalysis["Session Duration Analysis"] -.-> | May Detect | T1110003["Password Spraying"] ; class SessionDurationAnalysis DefensiveTechniqueNode; class Authentication ArtifactNode; click SessionDurationAnalysis href "/technique/d3f:SessionDurationAnalysis"; UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] -.-> | May Detect | T1110003["Password Spraying"] ; class UserGeolocationLogonPatternAnalysis DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click UserGeolocationLogonPatternAnalysis href "/technique/d3f:UserGeolocationLogonPatternAnalysis"; CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] --> | analyzes | Password["Password"]; CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] -.-> | May Detect | T1110003["Password Spraying"] ; class CredentialCompromiseScopeAnalysis DefensiveTechniqueNode; class Password ArtifactNode; click CredentialCompromiseScopeAnalysis href "/technique/d3f:CredentialCompromiseScopeAnalysis"; AuthenticationEventThresholding["Authentication Event Thresholding"] --> | analyzes | Authentication["Authentication"]; AuthenticationEventThresholding["Authentication Event Thresholding"] -.-> | May Detect | T1110003["Password Spraying"] ; class AuthenticationEventThresholding DefensiveTechniqueNode; class Authentication ArtifactNode; click AuthenticationEventThresholding href "/technique/d3f:AuthenticationEventThresholding"; CredentialTransmissionScoping["Credential Transmission Scoping"] --> | restricts | Password["Password"]; CredentialTransmissionScoping["Credential Transmission Scoping"] -.-> | May Harden | T1110003["Password Spraying"] ; class CredentialTransmissionScoping DefensiveTechniqueNode; class Password ArtifactNode; click CredentialTransmissionScoping href "/technique/d3f:CredentialTransmissionScoping"; One-timePassword["One-time Password"] --> | use-limits | Password["Password"]; One-timePassword["One-time Password"] -.-> | May Harden | T1110003["Password Spraying"] ; class One-timePassword DefensiveTechniqueNode; class Password ArtifactNode; click One-timePassword href "/technique/d3f:One-timePassword"; StrongPasswordPolicy["Strong Password Policy"] --> | strengthens | Password["Password"]; StrongPasswordPolicy["Strong Password Policy"] -.-> | May Harden | T1110003["Password Spraying"] ; class StrongPasswordPolicy DefensiveTechniqueNode; class Password ArtifactNode; click StrongPasswordPolicy href "/technique/d3f:StrongPasswordPolicy"; CredentialRotation["Credential Rotation"] --> | regenerates | Password["Password"]; CredentialRotation["Credential Rotation"] -.-> | May Harden | T1110003["Password Spraying"] ; class CredentialRotation DefensiveTechniqueNode; class Password ArtifactNode; click CredentialRotation href "/technique/d3f:CredentialRotation"; CredentialRevoking["Credential Revoking"] --> | deletes | Password["Password"]; CredentialRevoking["Credential Revoking"] -.-> | May Evict | T1110003["Password Spraying"] ; class CredentialRevoking DefensiveTechniqueNode; class Password ArtifactNode; click CredentialRevoking href "/technique/d3f:CredentialRevoking"; AuthenticationCacheInvalidation["Authentication Cache Invalidation"] --> | deletes | Password["Password"]; AuthenticationCacheInvalidation["Authentication Cache Invalidation"] -.-> | May Evict | T1110003["Password Spraying"] ; class AuthenticationCacheInvalidation DefensiveTechniqueNode; class Password ArtifactNode; click AuthenticationCacheInvalidation href "/technique/d3f:AuthenticationCacheInvalidation"; NetworkTrafficFiltering["Network Traffic Filtering"] --> | filters | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; NetworkTrafficFiltering["Network Traffic Filtering"] -.-> | May Isolate | T1110003["Password Spraying"] ; class NetworkTrafficFiltering DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click NetworkTrafficFiltering href "/technique/d3f:NetworkTrafficFiltering"; ReissueCredential["Reissue Credential"] --> | restores | Password["Password"]; ReissueCredential["Reissue Credential"] -.-> | May Restore | T1110003["Password Spraying"] ; class ReissueCredential DefensiveTechniqueNode; class Password ArtifactNode; click ReissueCredential href "/technique/d3f:ReissueCredential";