T1036.005: T1036.005
Essential information
- MITRE technique ID
T1036.005- Confidence
- 100/100
- Revoked
- No
- Published
- 10/02/2020 21:43
- Modified
- 27/03/2026 01:08
- Author / Source
- The MITRE Corporation
Aliases
Match Legitimate Resource Name or Location
Platforms
windows macos linux Containers ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
Marking (TLP)
TLP:GREEN Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (66)
-
The MITRE Corporation Confidence 100
[APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group attributed to the Reconnaissance General Bureau (RGB). (Citation: US-CERT HIDDEN COBRA June 2017) (Citation: Treasury North Korean Cyber…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Water Sigbin usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Carbanak](https://attack.mitre.org/groups/G0008) is a cybercriminal group that has used [Carbanak](https://attack.mitre.org/software/S0030) malware to target financial institutions since at least 2013. [Carbanak](https://attack.mitre.org/groups/G0008) may be linked to groups tracked separately as [Cobalt…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100
[VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a threat group assessed to operate on behalf of Iran’s Ministry of Intelligence and Security (MOIS).(Citation: Check Point VOID MANTICORE Handala Hack March 2026) Active…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AMOS usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Braodo usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
WageMole usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TeamTNT usesThe MITRE Corporation Confidence 100
[TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its…
First seen 01/01/1970 · Last seen 16/11/5138 · -
UNC4990 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
APT-C-13 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (73)
-
NOKKI uses
-
Mekotio usesFamily
-
Java RAT usesFamily
-
ValleyRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RustyWater usesFamily
-
Calisto uses
-
KaynLdr usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
QUADAGENT uses
-
Penguish usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
WAVESHAPER uses
-
Havoc usesThe MITRE Corporation Confidence 100
[Havoc](https://attack.mitre.org/software/S1229) is an open-source post-exploitation command and control (C2) framework first released on GitHub in October 2022 by C5pider (Paul Ungur), who continues to maintain and develop it…
First seen 01/01/1970 · Last seen 16/11/5138 · -
PureLog Stealer usesFamily
Reports (50)
-
AlienVault Confidence 100 19 MITREs 3 Malwares 6 IOCs 1 APT
-
AlienVault Confidence 100 21 MITREs 5 Malwares 60 IOCs 21 Observables 1 APT
-
AlienVault Confidence 100 10 MITREs 4 Malwares 10 IOCs 4 Observables
-
AlienVault Confidence 100 19 MITREs 3 Malwares 4 IOCs 1 APT
-
AlienVault Confidence 100 13 MITREs 2 Malwares 2 IOCs 1 Observable
-
AlienVault Confidence 100 20 MITREs 2 Malwares 29 IOCs 20 Observables 1 APT
-
AlienVault Confidence 100 19 MITREs 1 Malware 21 IOCs 21 Observables
-
AlienVault Confidence 100 21 MITREs 1 Malware 6 IOCs 1 Observable
-
AlienVault Confidence 100 19 MITREs 4 Malwares 22 IOCs 22 Observables
-
AlienVault Confidence 100 14 MITREs 1 Malware 4 IOCs 4 Observables
-
AlienVault Confidence 100 17 MITREs 1 Malware 12 IOCs 12 Observables 1 APT
-
AlienVault Confidence 100 19 MITREs 29 IOCs 29 Observables
Vulnerabilities (CVE) (35)
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This …
- Attack vector
- NETWORK
- Published
- 04/08/2023
- Modified
- 08/05/2026
Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled …
- Attack vector
- Network
- Published
- 10/02/2023
- Modified
- 21/12/2025
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as …
- Attack vector
- NETWORK
- Published
- 22/12/2021
- Modified
- 28/01/2026
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 …
- Attack vector
- LOCAL
- Complexity
- LOW
- EPSS
- 0.0001 (P0.6%)
- Published
- 22/04/2026
- Modified
- 23/05/2026
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware …
- Attack vector
- Network
- Published
- 20/07/2025
- Modified
- 21/12/2025
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this …
- Attack vector
- Physical
- Complexity
- Low
- Published
- 20/05/2026
- Modified
- 04/06/2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …
- Attack vector
- Network
- Published
- 05/12/2025
- Modified
- 29/05/2026
Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the …
- Attack vector
- NETWORK
- Complexity
- Low
- Published
- 21/11/2019
- Modified
- 18/06/2026
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of …
- Attack vector
- Network
- Complexity
- Low
- Published
- 24/02/2026
- Modified
- 04/06/2026
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
- Attack vector
- Network
- Published
- 10/12/2021
- Modified
- 27/05/2026
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) …
- Attack vector
- Network
- Published
- 31/01/2024
- Modified
- 27/05/2026
Tool (1)
-
Brute Ratel C4 usesThe MITRE Corporation Confidence 100
[Brute Ratel C4](https://attack.mitre.org/software/S1063) is a commercial red-teaming and adversarial attack simulation tool that first appeared in December 2020. [Brute Ratel C4](https://attack.mitre.org/software/S1063) was specifically designed to avoid detection by…
Campaign (4)
-
RedPenguin uses
-
C0032 uses
-
SolarWinds Compromise uses
-
HomeLand Justice uses