Skip to content

S1071 Rubeus

Rubeus is a C# toolset designed for raw Kerberos interaction that has been used since at least 2020, including in ransomware operations.1243

Item Value
ID S1071
Associated Names
Version 1.0
Created 29 March 2023
Last Modified 13 April 2023
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1482 Domain Trust Discovery Rubeus can gather information about domain trusts.43
enterprise T1558 Steal or Forge Kerberos Tickets -
enterprise T1558.001 Golden Ticket Rubeus can forge a ticket-granting ticket.1
enterprise T1558.002 Silver Ticket Rubeus can create silver tickets.1
enterprise T1558.003 Kerberoasting Rubeus can use the KerberosRequestorSecurityToken.GetRequest method to request kerberoastable service tickets.1
enterprise T1558.004 AS-REP Roasting Rubeus can reveal the credentials of accounts that have Kerberos pre-authentication disabled through AS-REP roasting.143