T1014: T1014
Essential information
- MITRE technique ID
- T1014
- Confidence
- 100/100
- Revoked
- No
- Published
- 31/05/2017 23:30
- Modified
- 27/03/2026 01:10
- Author / Source
- The MITRE Corporation
Aliases
Rootkit
Platforms
windows macos linux
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (30)
- Lazarus · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Silver Fox · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- UNC3886 · related · The MITRE Corporation · Confidence 100
  [UNC3886](https://attack.mitre.org/groups/G1048) is a China-nexus cyberespionage group that has been active since at least 2022, targeting defense, technology, and telecommunication organizations located in the United States and the Asia-Pacific-Japan…
  First seen 01/01/1970 · Last seen 16/11/5138
- VoidLink · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Winnti Group](https://attack.mitre.org/groups/G0044) is a threat group with Chinese origins that has been active since at least 2010. The group has heavily targeted the gaming industry, but it has…
  First seen 01/01/1970 · Last seen 16/11/5138
- gunra · related · AlienVault · Confidence 100
  No description available
  First seen 01/01/1970 · Last seen 16/11/5138
Malware (80)
- VPC Security · uses
- Trojan:Win32/Nukesped · uses
- Carberp · uses
- Emotet · uses · Family · The MITRE Corporation · Confidence 100
  [Emotet](https://attack.mitre.org/software/S0367) is a modular malware variant which is primarily used as a downloader for other malware variants such as [TrickBot](https://attack.mitre.org/software/S0266) and [IcedID](https://attack.mitre.org/software/S0483). Emotet first emerged in June 2014,…
  First seen 01/01/1970 · Last seen 16/11/5138
- TEMPLEDOOR · uses · Family
- Deed RAT · uses · Family
- Hacktool · uses
- MataDoor · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- GorillaBot · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Trojan:MacOS/Pnscan · uses
- REPTILE · uses · Family · The MITRE Corporation · Confidence 100
  [REPTILE](https://attack.mitre.org/software/S1219) is an open-source Linux rootkit with multiple components that provides backdoor access and functionality. (Citation: Google Cloud Mandiant UNC3886 2024)
  First seen 01/01/1970 · Last seen 16/11/5138
- HyperBro - S0398 · uses
Reports (27)
- Threat landscape — Belgium · related · Confidence 100 · 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
- Threat landscape — insurance · related · Confidence 100 · 199 MITREs 11 APTs
- 5 CVEs 20 MITREs 3 Malwares 2 Observables 1 APT
- AlienVault · Confidence 100 · 20 MITREs 3 Malwares 15 IOCs 15 Observables
- 18 MITREs 1 Malware 2 Observables
- 16 MITREs 1 APT
- 22 MITREs 3 Malwares 1 APT
- 13 MITREs 1 APT
- 10 MITREs 1 Malware 1 APT
- 19 MITREs 5 Malwares 1 APT
- 11 MITREs 1 Malware 1 APT
- 12 MITREs 2 Malwares 3 Observables
Vulnerabilities (CVE) (37)
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
- Published
- 15/03/2022
- Modified
- 21/12/2025
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 …
- Attack vector
- Adjacent
- Published
- 30/09/2022
- Modified
- 20/12/2025
Secure Boot Security Feature Bypass Vulnerability
- Attack vector
- LOCAL
- Published
- 11/01/2022
- Modified
- 20/12/2025
targets
Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.
- Published
- 31/03/2022
- Modified
- 29/05/2026
JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.
- Attack vector
- Network
- Published
- 04/10/2023
- Modified
- 29/05/2026
Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI …
- Attack vector
- Local
- Published
- 14/03/2023
- Modified
- 21/12/2025
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the …
- Attack vector
- Network
- Published
- 14/03/2023
- Modified
- 21/12/2025
Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys …
- Attack vector
- Local
- Published
- 04/03/2024
- Modified
- 21/12/2025
targets
Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation …
- Attack vector
- Local
- Published
- 13/08/2024
- Modified
- 21/12/2025
WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform …
- Published
- 25/08/2022
- Modified
- 20/12/2025
Tool (1)
- HTRAN · uses · The MITRE Corporation · Confidence 100
  [HTRAN](https://attack.mitre.org/software/S0040) is a tool that proxies connections through intermediate hops and aids users in disguising their true geographical location. It can be used by adversaries to hide their…
Campaign (1)
- RedPenguin · uses