T1036.005: T1036.005
Essential information
- MITRE technique ID
T1036.005- Confidence
- 100/100
- Revoked
- No
- Published
- 10/02/2020 21:43
- Modified
- 27/03/2026 01:08
- Author / Source
- The MITRE Corporation
Aliases
Match Legitimate Resource Name or Location
Platforms
windows macos linux Containers ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
Marking (TLP)
TLP:GREEN Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (66)
-
The MITRE Corporation Confidence 100
[APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group attributed to the Reconnaissance General Bureau (RGB). (Citation: US-CERT HIDDEN COBRA June 2017) (Citation: Treasury North Korean Cyber…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Water Sigbin usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Carbanak](https://attack.mitre.org/groups/G0008) is a cybercriminal group that has used [Carbanak](https://attack.mitre.org/software/S0030) malware to target financial institutions since at least 2013. [Carbanak](https://attack.mitre.org/groups/G0008) may be linked to groups tracked separately as [Cobalt…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100
[VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a threat group assessed to operate on behalf of Iran’s Ministry of Intelligence and Security (MOIS).(Citation: Check Point VOID MANTICORE Handala Hack March 2026) Active…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AMOS usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Braodo usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
WageMole usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TeamTNT usesThe MITRE Corporation Confidence 100
[TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its…
First seen 01/01/1970 · Last seen 16/11/5138 · -
UNC4990 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
APT-C-13 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (73)
-
BRUTED usesFamily
-
BackConfig uses
-
VLTRig usesFamily
-
AMOS Stealer usesFamily
-
SilverScreen usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ArcfeedLoader uses
-
updf usesFamily
-
LightNeuron uses
-
Doki uses
-
SSHcmd usesFamily
-
Tiflux usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Cobalt Strike usesFamily
Reports (50)
-
AlienVault Confidence 100 20 MITREs 7 Malwares 11 IOCs 3 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 7 IOCs 7 Observables
-
AlienVault Confidence 100 19 MITREs 3 Malwares 6 IOCs 1 APT
-
AlienVault Confidence 100 21 MITREs 5 Malwares 60 IOCs 21 Observables 1 APT
-
AlienVault Confidence 100 10 MITREs 4 Malwares 10 IOCs 4 Observables
-
AlienVault Confidence 100 19 MITREs 3 Malwares 4 IOCs 1 APT
-
AlienVault Confidence 100 13 MITREs 2 Malwares 2 IOCs 1 Observable
-
AlienVault Confidence 100 20 MITREs 2 Malwares 29 IOCs 20 Observables 1 APT
-
AlienVault Confidence 100 19 MITREs 1 Malware 21 IOCs 21 Observables
-
AlienVault Confidence 100 21 MITREs 1 Malware 6 IOCs 1 Observable
-
AlienVault Confidence 100 19 MITREs 4 Malwares 22 IOCs 22 Observables
-
AlienVault Confidence 100 14 MITREs 1 Malware 4 IOCs 4 Observables
Vulnerabilities (CVE) (35)
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x …
- Published
- 24/06/2025
- Modified
- 24/06/2025
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …
- Attack vector
- Network
- Published
- 29/04/2025
- Modified
- 21/12/2025
Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 14/04/2026
- Modified
- 29/04/2026
targets
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/04/2017
- Modified
- 22/04/2026
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This …
- Attack vector
- Network
- Published
- 07/02/2025
- Modified
- 21/12/2025
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code …
- Published
- 03/11/2021
- Modified
- 20/12/2025
Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread …
- Attack vector
- Network
- Published
- 10/07/2025
- Modified
- 21/12/2025
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 24/04/2017
- Modified
- 22/04/2026
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through …
- Attack vector
- Network
- Published
- 14/01/2025
- Modified
- 27/05/2026
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …
- Attack vector
- Network
- Published
- 10/01/2024
- Modified
- 27/05/2026
- Published
- 27/04/2026
- Modified
- 27/04/2026
Tool (1)
-
Brute Ratel C4 usesThe MITRE Corporation Confidence 100
[Brute Ratel C4](https://attack.mitre.org/software/S1063) is a commercial red-teaming and adversarial attack simulation tool that first appeared in December 2020. [Brute Ratel C4](https://attack.mitre.org/software/S1063) was specifically designed to avoid detection by…
Campaign (4)
-
RedPenguin uses
-
C0032 uses
-
SolarWinds Compromise uses
-
HomeLand Justice uses