T1021.002: T1021.002
Essential information
- MITRE technique ID
- T1021.002
- Confidence
- 100/100
- Revoked
- No
- Published
- 11/02/2020 19:25
- Modified
- 27/03/2026 01:09
- Author / Source
- The MITRE Corporation
Aliases
SMB/Windows Admin Shares
Platforms
windows
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | lateral-movement |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (60)
- The MITRE Corporation · Confidence 100
  [APT32](https://attack.mitre.org/groups/G0050) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments,…
  First seen 01/01/1970 · Last seen 16/11/5138
- Beast Ransomware uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- HoneyMyte uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [APT33](https://attack.mitre.org/groups/G0064) is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States,…
  First seen 01/01/1970 · Last seen 16/11/5138
- Helldown uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Muddled Libra uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- GOLD SALEM uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- RedGolf uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- TGR-STA-1030 uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [APT3](https://attack.mitre.org/groups/G0022) is a China-based threat group that researchers have attributed to China's Ministry of State Security.(Citation: FireEye Clandestine Wolf)(Citation: Recorded Future APT3 May 2017) This group is responsible…
  First seen 01/01/1970 · Last seen 16/11/5138
- INC uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Fog ransomware group uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Malware (71)
- LockBit uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- ELF Backdoor uses · Family
- Megazord uses · Family
- Atharvan uses · Family
- Deed RAT uses · Family
- Latrodectus uses · The MITRE Corporation · Confidence 100
  [Latrodectus](https://attack.mitre.org/software/S1160) is a Windows malware downloader that has been used since at least 2023 to download and execute additional payloads and modules. [Latrodectus](https://attack.mitre.org/software/S1160) has most often been distributed…
  First seen 01/01/1970 · Last seen 16/11/5138
- Zox uses
- MysterySnail RAT uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- HELLOKITTY - S0617 uses · Family
- zwShell uses
- Charon uses · Family
- PEAKLIGHT uses · Family
Reports (50)
- 1 CVE 16 MITREs 3 Malwares 9 Observables 1 APT
- 25 MITREs 4 Observables 1 APT
- 3 CVEs 16 MITREs 5 Observables
- 17 MITREs 6 Malwares 4 Observables 1 APT
- 22 MITREs 9 Malwares 6 Observables 1 APT
- 17 MITREs 1 Malware 1 APT
- 18 MITREs 2 Malwares 5 Observables 1 APT
- 19 MITREs 3 Malwares 17 Observables 1 APT
- 19 MITREs 1 Malware
- 11 MITREs 53 Observables
- 5 CVEs 7 MITREs 1 Malware 2 Observables 1 APT
- 12 MITREs 1 Malware 2 Observables 1 APT
Vulnerabilities (CVE) (75)
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in …
- Attack vector
- Network
- Published
- 09/09/2024
- Modified
- 21/12/2025
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing …
- Attack vector
- NETWORK
- Published
- 21/07/2025
- Modified
- 21/12/2025
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 09/06/2026
- Modified
- 24/06/2026
Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successful exploitation could allow …
- Attack vector
- Network
- Published
- 22/07/2025
- Modified
- 21/12/2025
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would …
- Attack vector
- Network
- Published
- 23/09/2025
- Modified
- 12/03/2026
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
- Attack vector
- Network
- Published
- 25/03/2024
- Modified
- 21/12/2025
Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread …
- Attack vector
- Network
- Published
- 10/07/2025
- Modified
- 21/12/2025
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow the attacker to bypass security restrictions …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 13/05/2026
- Modified
- 10/06/2026
Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If …
- Attack vector
- Network
- Published
- 19/09/2024
- Modified
- 21/12/2025
The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.
- Published
- 27/06/2022
- Modified
- 20/12/2025
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to …
- Attack vector
- Network
- Published
- 18/11/2024
- Modified
- 21/12/2025
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows an attacker to execute unauthorized …
- Attack vector
- Network
- Published
- 05/02/2024
- Modified
- 14/01/2026
Tool (1)
- Net uses · The MITRE Corporation · Confidence 100
  The [Net](https://attack.mitre.org/software/S0039) utility is a component of the Windows operating system. It is used in command-line operations for control of users, groups, services, and network connections. (Citation: Microsoft…
Campaign (1)
- 2016 Ukraine Electric Power Attack uses
Course Of Action (1)
- Filter Network Traffic mitigates