S0007 Skeleton Key
Skeleton Key is malware used to inject false credentials into domain controllers with the intent of creating a backdoor password. 1 Functionality similar to Skeleton Key is included as a module in Mimikatz.
| Item | Value |
|---|---|
| ID | S0007 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.1 |
| Created | 31 May 2017 |
| Last Modified | 18 March 2020 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1556 | Modify Authentication Process | - |
| enterprise | T1556.001 | Domain Controller Authentication | Skeleton Key is used to patch an enterprise domain controller authentication process with a backdoor password. It allows adversaries to bypass the standard authentication system to use a defined password for all accounts authenticating to that domain controller.1 |