{
  "type": "x-mitre-data-component",
  "spec_version": "2.1",
  "id": "x-mitre-data-component--02d090b6-8157-48da-98a2-517f7edd49fc",
  "created": "2021-10-20T15:05:19.274Z",
  "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  "revoked": false,
  "external_references": [
    {
      "source_name": "mitre-attack",
      "url": "https://attack.mitre.org/datacomponents/DC0084",
      "external_id": "DC0084"
    }
  ],
  "object_marking_refs": [
    "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
  ],
  "modified": "2025-11-12T22:03:39.105Z",
  "name": "Active Directory Credential Request",
  "description": "Requests for authentication credentials via Kerberos or other methods like NTLM and LDAP queries. Examples:\n\n- Kerberos TGT and Service Tickets (Event IDs 4768, 4769)\n- NTLM Authentication Events\n- LDAP Bind Requests.",
  "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  "x_mitre_deprecated": false,
  "x_mitre_domains": [
    "enterprise-attack"
  ],
  "x_mitre_version": "2.0",
  "x_mitre_attack_spec_version": "3.3.0",
  "x_mitre_log_sources": [
    {
      "name": "WinEventLog:Security",
      "channel": "EventCode=4768"
    },
    {
      "name": "WinEventLog:Security",
      "channel": "EventCode=4769"
    },
    {
      "name": "WinEventLog:Kerberos",
      "channel": "Kerberos TGS-REQ anomalies without KDC validation (Silver Ticket behavior)"
    },
    {
      "name": "WinEventLog:Security",
      "channel": "EventCode=4929"
    },
    {
      "name": "linux:syslog",
      "channel": "Unusual kinit or klist activity"
    }
  ]
}