View on MITRE ATT&CK

T1087.002 - Domain Account

Sub-technique
Tattiche:
Discovery
Piattaforme:
Linux macOS Windows
Rilevamento:
Not specified
Description:
Adversaries may attempt to get a listing of domain accounts. This information can help adversaries determine which domain accounts exist to aid in follow-on behavior such as targeting specific accounts which possess particular privileges.

Commands such as <code>net user /domain</code> and <code>net group /domain</code> of the [Net](https://attack.mitre.org/software/S0039) utility, <code>dscacheutil -q group</code> on macOS, and <code>ldapsearch</code> on Linux can list domain users and groups. [PowerShell](https://attack.mitre.org/techniques/T1059/001) cmdlets including <code>Get-ADUser</code> and <code>Get-ADGroupMember</code> may enumerate members of Active Directory groups.(Citation: CrowdStrike StellarParticle January 2022)
Usato da Attori (20)
Turla
Nation-state
FIN7
Criminal
Poseidon Group
Unknown
FIN6
Unknown
OilRig
Nation-state
MuddyWater
Nation-state
MUSTANG PANDA
Nation-state
WIZARD SPIDER
Nation-state
APT41
Nation-state
Fox Kitten
Unknown
FIN13
Unknown
ToddyCat
Unknown
Volt Typhoon
Unknown
Scattered Spider
Unknown
Storm-0501
Unknown
Dragonfly
Unknown
Sandworm Team
Unknown
Ke3chang
Unknown
BRONZE BUTLER
Unknown
Storm-1811
Unknown
Malware (20)
Stuxnet other POWRUNER other Bankshot other DUSTTRAP other BlackCat other IcedID other Sykipot other Latrodectus other Bazar other MgBot other Cobalt Strike other Valak other BoomBox other IceApple other SoreFang other OSInfo other Net tool BloodHound tool SILENTTRINITY tool Empire tool
Metadata
MITRE ID: T1087.002
STIX ID: attack-pattern--21875073-b0ee-...
Piattaforme: Linux, macOS, Windows
Created: 13/01/2026 17:48
Updated: 06/03/2026 16:00