
S0007 Skeleton Key

Skeleton Key is malware used to inject false credentials into domain controllers with the intent of creating a backdoor password.[1] Functionality similar to Skeleton Key is included as a module in Mimikatz.

| Item | Value |
| --- | --- |
| ID | S0007 |
| Associated Names | |
| Version | 1.1 |
| Created | 31 May 2017 |
| Last Modified | 18 March 2020 |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| enterprise | T1556 | Modify Authentication Process | - |
| enterprise | T1556.001 | Domain Controller Authentication | Skeleton Key is used to patch an enterprise domain controller authentication process with a backdoor password. It allows adversaries to bypass the standard authentication system to use a defined password for all accounts authenticating to that domain controller.[1] |