Home/ MITRE Matrix/ Persistence/ T1136

T1136Create Account

T1136 — Create Account is a MITRE ATT&CK technique in the Persistence tactic. Clankerusecase tracks 10 detection use cases covering it and 1 threat-intel article citing it.

Persistence

View on the matrix → Filter Detection Library MITRE official spec ↗

10Use cases

1Articles

3Sub-techniques

1Tactic

Sub-techniques (3)

T1136.003 · Cloud Account T1136.002 · Domain Account T1136.001 · Local Account

Use cases covering this technique (10)

GitHub personal access token created Internal actions · alerting DD GitLab personal access token generated Internal actions · alerting DD MongoDB user created Internal install · alerting DD MacOS Account Created ESCU actions · hunting P Windows Entra User Management Via Azure CLI ESCU actions · hunting P Cisco IOS Suspicious Privileged Account Creation ESCU actions · hunting P Cisco Privileged Account Creation with HTTP Command Execution ESCU actions · alerting P Cisco Privileged Account Creation with Suspicious SSH Activity ESCU actions · alerting P Web Fraud - Account Harvesting ESCU actions · alerting P [LLM] PraisonAI Platform open-registration burst followed by workspace privileged action Bespoke delivery · alerting SPDDCW

Articles citing this technique (1)

crit [GHSA / CRITICAL] CVE-2026-47407: PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation art-164