
S0521 BloodHound

BloodHound is an Active Directory (AD) reconnaissance tool that can reveal hidden relationships and identify attack paths within an AD environment.[3][2][1]

| Item | Value |
|---|---|
| ID | S0521 |
| Associated Names | |
| Version | 1.2 |
| Created | 28 October 2020 |
| Last Modified | 20 April 2022 |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1087 | Account Discovery | - |
| enterprise | T1087.001 | Local Account | BloodHound can identify users with local administrator rights.[2] |
| enterprise | T1087.002 | Domain Account | BloodHound can collect information about domain users, including identification of domain admin accounts.[2] |
| enterprise | T1560 | Archive Collected Data | BloodHound can compress data collected by its SharpHound ingestor into a ZIP file to be written to disk.[3] |
| enterprise | T1059 | Command and Scripting Interpreter | - |
| enterprise | T1059.001 | PowerShell | BloodHound can use PowerShell to pull Active Directory information from the target environment.[2] |
| enterprise | T1482 | Domain Trust Discovery | BloodHound has the ability to map domain trusts and identify misconfigurations for potential abuse.[2] |
| enterprise | T1615 | Group Policy Discovery | BloodHound has the ability to collect local admin information via GPO.[3] |
| enterprise | T1106 | Native API | BloodHound can use .NET API calls in the SharpHound ingestor component to pull Active Directory data.[3] |
| enterprise | T1201 | Password Policy Discovery | BloodHound can collect password policy information on the target environment.[2] |
| enterprise | T1069 | Permission Groups Discovery | - |
| enterprise | T1069.001 | Local Groups | BloodHound can collect information about local groups and members.[2] |
| enterprise | T1069.002 | Domain Groups | BloodHound can collect information about domain groups and members.[2] |
| enterprise | T1018 | Remote System Discovery | BloodHound can enumerate and collect the properties of domain computers, including domain controllers.[2] |
| enterprise | T1033 | System Owner/User Discovery | BloodHound can collect information on user sessions.[2] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0116 | Operation Wocao | [1] |
| G0102 | Wizard Spider | [4][5][6] |
| G0016 | APT29 | [7] |
| G0114 | Chimera | [8] |

