Vendor: StealthBits
April 15, 2026
Product: StealthIntercept

| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 42 | 17 | 5 | 2 | 0 |

| Use-Case | Activity Types/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Account Manipulation | ds-access<br>↳stealthbits-s-leef-ds-object-activity-attrnewvalue<br>failed-ds-access<br>↳stealthbits-s-leef-ds-object-activity-attrnewvalue | T1207 - Rogue Domain Controller<br>T1484 - Group Policy Modification | |
| Compromised Credentials | ds-access<br>↳stealthbits-s-leef-ds-object-activity-attrnewvalue | T1003 - OS Credential Dumping<br>T1003.006 - OS Credential Dumping: DCSync<br>T1207 - Rogue Domain Controller<br>T1558 - Steal or Forge Kerberos Tickets | |
| Privilege Abuse | ds-access<br>↳stealthbits-s-leef-ds-object-activity-attrnewvalue | T1484 - Group Policy Modification | |
| Privileged Activity | ds-access<br>↳stealthbits-s-leef-ds-object-activity-attrnewvalue | T1003 - OS Credential Dumping<br>T1003.006 - OS Credential Dumping: DCSync<br>T1207 - Rogue Domain Controller<br>T1484 - Group Policy Modification | |

MITRE ATT&CK® Framework for Enterprise

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| | | | Group Policy Modification | Group Policy Modification<br>Rogue Domain Controller | OS Credential Dumping<br>Steal or Forge Kerberos Tickets<br>OS Credential Dumping: DCSync | | | | | | |