T1069.002 - Domain Groups
Sub-technique
Tattiche:
Discovery
Discovery
Piattaforme:
Linux macOS Windows
Linux macOS Windows
Rilevamento:
Not specified
Not specified
Description:
Adversaries may attempt to find domain-level groups and permission settings. The knowledge of domain-level permission groups can help adversaries determine which groups exist and which users belong to a particular group. Adversaries may use this information to determine which users have elevated permissions, such as domain administrators.
Commands such as <code>net group /domain</code> of the [Net](https://attack.mitre.org/software/S0039) utility, <code>dscacheutil -q group</code> on macOS, and <code>ldapsearch</code> on Linux can list domain-level groups.
Commands such as <code>net group /domain</code> of the [Net](https://attack.mitre.org/software/S0039) utility, <code>dscacheutil -q group</code> on macOS, and <code>ldapsearch</code> on Linux can list domain-level groups.
Usato da Attori (13)
Malware (20)
GRIFFON other
POWRUNER other
BADHATCH other
Gootloader other
WellMess other
BlackCat other
Latrodectus other
Cobalt Strike other
REvil other
Kwampirs other
Egregor other
SoreFang other
Helminth other
OSInfo other
Net tool
BloodHound tool
SILENTTRINITY tool
dsquery tool
Brute Ratel C4 tool
CrackMapExec tool
Metadata
| MITRE ID: | T1069.002 |
| STIX ID: | attack-pattern--2aed01ad-3df3-... |
| Piattaforme: | Linux, macOS, Windows |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |