T1014: T1014
Essential information
- MITRE technique ID
T1014- Confidence
- 100/100
- Revoked
- No
- Published
- 31/05/2017 23:30
- Modified
- 27/03/2026 01:10
- Author / Source
- The MITRE Corporation
Aliases
Rootkit
Platforms
windows macos linux
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (30)
-
Blackwood usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[AppleJeus](https://attack.mitre.org/groups/G1049) is a North Korean state-sponsored threat group attributed to the Reconnaissance General Bureau. Associated with the broader [Lazarus Group](https://attack.mitre.org/groups/G0032) umbrella of actors, [AppleJeus](https://attack.mitre.org/groups/G1049) has been active since…
First seen 01/01/1970 · Last seen 16/11/5138 · -
GhostEmperor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RudePanda usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UNC5221 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TeamTNT usesThe MITRE Corporation Confidence 100
[TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The Gentlemen usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Rocke usesThe MITRE Corporation Confidence 100
[Rocke](https://attack.mitre.org/groups/G0106) is an alleged Chinese-speaking adversary whose primary objective appeared to be cryptojacking, or stealing victim system resources for the purposes of mining cryptocurrency. The name [Rocke](https://attack.mitre.org/groups/G0106) comes…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Winnti usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Manic Menagerie usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Transparent Tribe](https://attack.mitre.org/groups/G0134) is a suspected Pakistan-based threat group that has been active since at least 2013, primarily targeting diplomatic, defense, and research organizations in India and Afghanistan.(Citation: Proofpoint…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (80)
-
WarzoneRAT usesFamily The MITRE Corporation Confidence 100
[WarzoneRAT](https://attack.mitre.org/software/S0670) is a malware-as-a-service remote access tool (RAT) written in C++ that has been publicly available for purchase since at least late 2018.(Citation: Check Point Warzone Feb 2020)(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Tsunami usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Guntior usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
OATBOAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AvosLocker usesFamily The MITRE Corporation Confidence 100
[AvosLocker](https://attack.mitre.org/software/S1053) is ransomware written in C++ that has been offered via the Ransomware-as-a-Service (RaaS) model. It was first observed in June 2021 and has been used against financial…
First seen 01/01/1970 · Last seen 16/11/5138 · -
TONESHELL usesThe MITRE Corporation Confidence 100
[TONESHELL](https://attack.mitre.org/software/S1239) is a custom backdoor that has been used since at least Q1 2021.(Citation: Palo Alto Unit42 STATELY TAURUS TONESHELL September 2023) [TONESHELL](https://attack.mitre.org/software/S1239) malware has previously been leveraged…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Manic Menagerie usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Rekoobe usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CoreWarrior usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DevilsTongue usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
VoidLink usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Uroburos usesFamily The MITRE Corporation Confidence 100
[Uroburos](https://attack.mitre.org/software/S0022) is a sophisticated cyber espionage tool written in C that has been used by units within Russia's Federal Security Service (FSB) associated with the [Turla](https://attack.mitre.org/groups/G0010) toolset to…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (27)
-
Threat landscape — Belgium relatedConfidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
-
Threat landscape — insurance relatedConfidence 100 199 MITREs 11 APTs
-
5 CVEs 20 MITREs 3 Malwares 2 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 3 Malwares 15 IOCs 15 Observables
-
18 MITREs 1 Malware 2 Observables
-
16 MITREs 1 APT
-
22 MITREs 3 Malwares 1 APT
-
13 MITREs 1 APT
-
10 MITREs 1 Malware 1 APT
-
19 MITREs 5 Malwares 1 APT
-
11 MITREs 1 Malware 1 APT
-
12 MITREs 2 Malwares 3 Observables
Vulnerabilities (CVE) (37)
- Published
- 20/12/2025
- Modified
- 21/12/2025
Tool (1)
-
HTRAN usesThe MITRE Corporation Confidence 100
[HTRAN](https://attack.mitre.org/software/S0040) is a tool that proxies connections through intermediate hops and aids users in disguising their true geographical location. It can be used by adversaries to hide their…
Campaign (1)
-
RedPenguin uses