216.73.217.22

T1056.001: T1056.001

View on MITRE ATT&CK The MITRE Corporation · Published 16/12/2025 19:37 · Modified 27/03/2026 01:08

Essential information

MITRE technique ID
T1056.001
Confidence
100/100
Revoked
No
Published
16/12/2025 19:37
Modified
27/03/2026 01:08
Author / Source
The MITRE Corporation

Aliases

Keylogging

Platforms

windows macos linux Network Devices

Description

Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when [OS Credential Dumping](https://attack.mitre.org/techniques/T1003) efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.(Citation: Talos Kimsuky Nov 2021) Keylogging is the most prevalent type of input capture, with many different ways of intercepting keystrokes.(Citation: Adventures of a Keystroke) Some methods include: * Hooking API callbacks used for processing keystrokes. Unlike [Credential API Hooking](https://attack.mitre.org/techniques/T1056/004), this focuses solely on API functions intended for processing keystroke data. * Reading raw keystroke data from the hardware buffer. * Windows Registry modifications. * Custom drivers. * [Modify System Image](https://attack.mitre.org/techniques/T1601) may provide adversaries with hooks into the operating system of network devices to read raw keystrokes for login sessions.(Citation: Cisco Blog Legacy Device Attacks)

Kill chain phases

Kill chainPhase
mitre-attack collection
mitre-attack credential-access

Marking (TLP)

TLP:GREEN Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (65)

  • ForumTroll APT uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 17:53 · Modified 21/12/2025 17:53
  • DPRK uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:19 · Modified 20/12/2025 23:19
  • Needleminer uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 09:13 · Modified 21/12/2025 09:13
  • XWorm uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 17:22 · Modified 21/12/2025 17:22
  • WaterPlum uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 14:11 · Modified 21/12/2025 14:11
  • Venture Wolf uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:15 · Modified 21/12/2025 08:15
  • APT5 uses Mulberry TyphoonMANGANESE
    The MITRE Corporation Confidence 100

    [APT5](https://attack.mitre.org/groups/G1023) is a China-based espionage actor that has been active since at least 2007 primarily targeting the telecommunications, aerospace, and defense industries throughout the U.S., Europe, and Asia. …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • Daggerfly, Evasive Panda, Bronze Highland uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 00:12 · Modified 21/12/2025 00:12
  • APT-27 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 00:15 · Modified 21/12/2025 00:15
  • UAC-0063 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 09:53 · Modified 29/05/2026 12:19
  • CNC uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 13:26 · Modified 21/12/2025 13:26
  • MUSTANG PANDA uses BRONZE PRESIDENTSTATELY TAURUS
    The MITRE Corporation Confidence 100

    [Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that has been conducting operations since at least 2012. [Mustang Panda](https://attack.mitre.org/groups/G0129) has been known to use tailored phishing lures …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 22/05/2026 04:12
  • Amatera Stealer uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 14:18 · Modified 21/12/2025 14:18
  • AMOS uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 14:22 · Modified 21/12/2025 14:22
  • APT39 uses ITG07Chafer
    The MITRE Corporation Confidence 100

    [APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • Vietnamese threat group uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:32 · Modified 21/12/2025 08:32
  • Unfading Sea Haze uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 04:56 · Modified 21/12/2025 04:56
  • UNC1069 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 09/02/2026 21:42 · Modified 09/02/2026 21:42
  • Larva-25004 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 13:51 · Modified 21/12/2025 13:51
  • Banshee uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 09:49 · Modified 21/12/2025 09:49
  • Deathstalker uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 21:52 · Modified 20/12/2025 23:05
  • Volt Typhoon uses BRONZE SILHOUETTEVanguard Panda
    The MITRE Corporation Confidence 100

    [Volt Typhoon](https://attack.mitre.org/groups/G1017) is a People's Republic of China (PRC) state-sponsored actor that has been active since at least 2021 primarily targeting critical infrastructure organizations in the US and …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
  • EvilAI uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 16:05 · Modified 21/12/2025 16:05
  • TA4922 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 04/06/2026 10:38 · Modified 04/06/2026 10:38
  • Earth Estries uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 01:18 · Modified 21/12/2025 01:18
  • Astaroth uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 02:52 · Modified 21/12/2025 02:52
  • Sparkling Pisces uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 07:23 · Modified 21/12/2025 07:23
  • BrazenBamboo uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:26 · Modified 21/12/2025 08:26
  • AMOS threat group related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 15:32 · Modified 21/12/2025 15:32
  • ANTONIO EDUARDO FREDERICO related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 14/04/2026 16:20 · Modified 14/04/2026 16:20
  • APT 42 related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 21:50 · Modified 20/12/2025 21:50
  • APT-C-23 related MantisDesert Falcon
    The MITRE Corporation Confidence 100

    [APT-C-23](https://attack.mitre.org/groups/G1028) is a threat group that has been active since at least 2014.(Citation: symantec_mantis) [APT-C-23](https://attack.mitre.org/groups/G1028) has primarily focused its operations on the Middle East, including Israeli military assets. …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • APT-C-35 related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 21:55 · Modified 20/12/2025 21:55
  • APT-C-36 (Blind Eagle) related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:28 · Modified 27/05/2026 15:52
  • APT-Q-36 related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 21:23 · Modified 20/12/2025 21:23
  • APT28 related IRON TWILIGHTSNAKEMACKEREL
    The MITRE Corporation Confidence 100

    [APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 08/04/2026 13:02
  • APT3 related Gothic PandaPirpi
    The MITRE Corporation Confidence 100

    [APT3](https://attack.mitre.org/groups/G0022) is a China-based threat group that researchers have attributed to China's Ministry of State Security.(Citation: FireEye Clandestine Wolf)(Citation: Recorded Future APT3 May 2017) This group is responsible …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
  • APT32 related SeaLotusAPT-C-00
    The MITRE Corporation Confidence 100

    [APT32](https://attack.mitre.org/groups/G0050) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments, …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • APT37 related InkySquidGroup123
    The MITRE Corporation Confidence 100

    [APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • APT42 related
    The MITRE Corporation Confidence 100

    [APT42](https://attack.mitre.org/groups/G1044) is an Iranian-sponsored threat group that conducts cyber espionage and surveillance.(Citation: Mandiant APT42-charms) The group primarily focuses on targets in the Middle East region, but has targeted …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • Ajax Security Team related Operation Woolen-GoldfishAjaxTM
    The MITRE Corporation Confidence 100

    [Ajax Security Team](https://attack.mitre.org/groups/G0130) is a group that has been active since at least 2010 and believed to be operating out of Iran. By 2014 [Ajax Security Team](https://attack.mitre.org/groups/G0130) transitioned …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • Andariel related Silent ChollimaPLUTONIUM
    The MITRE Corporation Confidence 100

    [Andariel](https://attack.mitre.org/groups/G0138) is a North Korean state-sponsored threat group that has been active since at least 2009. [Andariel](https://attack.mitre.org/groups/G0138) has primarily focused its operations--which have included destructive attacks--against South Korean …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • Andariel Group related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 09:40 · Modified 21/12/2025 09:40
  • Angry Likho related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 10:14 · Modified 21/12/2025 10:14
  • Batavia related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 14:49 · Modified 21/12/2025 14:49
  • BlindEagle related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 06:53 · Modified 27/05/2026 15:52
  • CL-STA-1009 related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 17:58 · Modified 21/12/2025 17:58
  • China-nexus APT related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 15:48 · Modified 21/12/2025 15:49
  • Chinese-speaking threat group related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 16:48 · Modified 21/12/2025 16:48
  • ClawHavoc related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 04/02/2026 15:19 · Modified 04/02/2026 15:19
  • ClickFix related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 14:24 · Modified 21/12/2025 14:24
  • Contagious Interview related Gwisin GangTAG-121
    The MITRE Corporation Confidence 100

    [Contagious Interview](https://attack.mitre.org/groups/G1052) is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials. …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • Crazy Evil related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 12:15 · Modified 21/12/2025 12:15
  • DPRK (North Korea) related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:24 · Modified 21/12/2025 08:24
  • DPRK-aligned operators related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 19:03 · Modified 21/12/2025 19:03
  • DarkCloud related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 15:30 · Modified 21/12/2025 15:30
  • Darkhotel related DUBNIUMZigzag Hail
    The MITRE Corporation Confidence 100

    [Darkhotel](https://attack.mitre.org/groups/G0012) is a suspected South Korean threat group that has targeted victims primarily in East Asia since at least 2004. The group's name is based on cyber espionage …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • Democratic People's Republic of Korea (DPRK) related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 07:11 · Modified 21/12/2025 07:11
  • Desert Dexter related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 10:34 · Modified 21/12/2025 10:34
  • DragonBreath related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 18:51 · Modified 21/12/2025 18:51
  • ERMAC related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 16:06 · Modified 21/12/2025 16:06
  • EVALUSION related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 20:39 · Modified 21/12/2025 20:39
  • Earth Minotaur related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:39 · Modified 21/12/2025 08:39
  • Educated Manticore related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 15:09 · Modified 21/12/2025 15:09
  • Emennet Pasargad related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 07:41 · Modified 21/12/2025 07:41

Malware (114)

  • Reverse RAT uses
    Family
    Published 29/07/2024 10:59 · Modified 29/07/2024 10:59
  • ZxShell
  • Neptune RAT uses
    Family
    Published 09/04/2025 07:52 · Modified 09/04/2025 07:52
  • Ermac uses
    Family
    Published 19/03/2026 11:00 · Modified 19/03/2026 11:00
  • KeyBoy
  • AnyDesk uses
    Family
    Published 10/06/2026 11:58 · Modified 10/06/2026 11:58
  • Tropidoor uses
    Family
    Published 09/11/2025 04:31 · Modified 09/11/2025 04:31
  • Doenerium uses
    Family
    Published 06/03/2025 23:02 · Modified 06/03/2025 23:02
  • MacMa - S1016 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 06:04 · Modified 21/12/2025 06:04
  • PureHVNC uses
    Family
    Published 31/10/2025 09:32 · Modified 31/10/2025 09:32
  • GrassCall uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 12:15 · Modified 21/12/2025 12:15
  • GachiLoader uses
    Family
    Published 29/04/2026 02:24 · Modified 29/04/2026 02:24
  • HelloDoor uses
    Family
    Published 14/05/2026 11:16 · Modified 14/05/2026 11:16
  • SnakeKeylogger uses
    Family
    Published 24/04/2025 13:40 · Modified 24/04/2025 13:40
  • Oyster uses
    Family
    Published 08/06/2026 19:36 · Modified 08/06/2026 19:36
  • BaoLoader uses
    Family
    Published 10/12/2025 19:31 · Modified 10/12/2025 19:31
  • Stealerium uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:38 · Modified 20/12/2025 23:34
  • SocGholish - S1124 uses
    Family
    Published 17/02/2025 11:10 · Modified 17/02/2025 11:10
  • BYOB uses
    Family
    Published 29/01/2026 12:49 · Modified 29/01/2026 12:49
  • VineThorn
  • Blank Grabber uses
    Family
    Published 03/09/2025 05:35 · Modified 03/09/2025 05:35
  • DRYHOOK uses
    Family
    Published 09/01/2025 08:56 · Modified 09/01/2025 08:56
  • AntiSpam.exe uses
    Family
    Published 20/08/2024 08:38 · Modified 20/08/2024 08:38
  • StrelaStealer uses
    Family
    Published 25/06/2024 13:07 · Modified 25/06/2024 13:07
  • LOGPIE uses
    Family
    Published 22/05/2025 21:54 · Modified 22/05/2025 21:54
  • MacMa
  • DOGCALL
  • NavRAT
  • SUPERNOVA uses
    Family
    Published 04/02/2025 16:46 · Modified 04/02/2025 16:46
  • RooTroy uses
    Family
    Published 28/10/2025 03:41 · Modified 28/10/2025 03:41
  • Duqu
  • CharmPower - S0674 uses
    Family
    Published 23/02/2026 10:13 · Modified 23/02/2026 10:13
  • MetaStealer uses
    Family
    Published 30/08/2025 09:10 · Modified 30/08/2025 09:10
  • Rustonotto uses
    Family
    Published 08/09/2025 14:41 · Modified 08/09/2025 14:41
  • SysPhon uses
    Family
    Published 28/10/2025 03:41 · Modified 28/10/2025 03:41
  • FatalRAT uses
    Family
    Published 19/02/2026 16:01 · Modified 19/02/2026 16:01
  • AMOS uses
    Family
    Published 18/05/2026 17:52 · Modified 18/05/2026 17:52
  • Ousaban
  • Interlock uses
    Family
    Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
  • Attor
  • AnimateClipper uses
    Family
    Published 03/06/2026 17:42 · Modified 03/06/2026 17:42
  • DarkCrystal RAT uses
    Family
    Published 22/10/2024 21:56 · Modified 22/10/2024 21:56
  • DarkCloud Stealer uses
    Family
    Published 08/08/2025 08:00 · Modified 08/08/2025 08:00
  • Mekotio uses
    Family
    Published 19/05/2026 22:26 · Modified 19/05/2026 22:26
  • AHK Bot uses
    Family
    Published 12/08/2025 21:36 · Modified 12/08/2025 21:36
  • Andariel keylogger uses
    Family
    Published 04/11/2024 17:12 · Modified 04/11/2024 17:12
  • SystemBC uses
    Family
    Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
  • KGH_SPY
  • EvilGrab
  • NanoCore
  • Pelmeni uses
    Family
    Published 14/05/2026 20:10 · Modified 14/05/2026 20:10
  • update6.exe uses
    Family
    Published 20/08/2024 08:38 · Modified 20/08/2024 08:38
  • CastleStealer uses
    Family
    Published 30/04/2026 14:41 · Modified 30/04/2026 14:41
  • Banking Trojan uses
    Family
    Published 27/08/2025 15:59 · Modified 27/08/2025 15:59
  • xkeylog Keylogger
  • Peppy
  • HATVIBE uses
    Family
    Published 22/05/2025 21:54 · Modified 22/05/2025 21:54
  • PylangGhost uses
    Family
    Published 18/03/2026 10:49 · Modified 18/03/2026 10:49
  • BlackEnergy
  • RedLine Stealer uses
    Family
    Published 14/12/2024 07:04 · Modified 14/12/2024 07:04
  • PowerLess
  • Metamorfo - S0455 uses
    Family
    Published 19/05/2026 22:26 · Modified 19/05/2026 22:26
  • TutRAT uses
    Family
    Published 14/05/2026 11:16 · Modified 14/05/2026 11:16
  • Amethyst stealer uses
    Family
    Published 09/04/2025 15:50 · Modified 09/04/2025 15:50
  • NightClub uses
    Family The MITRE Corporation Confidence 100

    [NightClub](https://attack.mitre.org/software/S1090) is a modular implant written in C++ that has been used by [MoustachedBouncer](https://attack.mitre.org/groups/G1019) since at least 2014.(Citation: MoustachedBouncer ESET August 2023)

    First seen 01/01/1970 · Last seen 16/11/5138 Published 27/09/2023 21:32 · Modified 27/03/2026 01:05
  • Water-Saci uses
    Family
    Published 24/11/2025 12:02 · Modified 24/11/2025 12:02
  • DarkTortilla
  • ArrowRAT uses
    Family
    Published 07/05/2026 17:05 · Modified 07/05/2026 17:05
  • Kematian Stealer uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:45 · Modified 21/12/2025 05:10
  • FadeStealer uses
    Family
    Published 08/09/2025 14:41 · Modified 08/09/2025 14:41
  • ExtremeVNC
  • Lumma uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:50 · Modified 21/12/2025 16:13
  • SilentGh0st uses
    Family
    Published 24/05/2024 08:21 · Modified 24/05/2024 08:21
  • HttpSpy uses
    Family
    Published 29/05/2026 11:20 · Modified 29/05/2026 11:20
  • Android malware uses
    Family
    Published 22/10/2025 19:45 · Modified 22/10/2025 19:45
  • Statuezy uses
    Family
    Published 05/12/2024 02:56 · Modified 05/12/2024 02:56
  • Wainscot uses
    Family
    Published 05/12/2024 02:56 · Modified 05/12/2024 02:56
  • yty
  • MarkiRAT
  • Hijackloader uses
    Family
    Published 10/06/2026 11:58 · Modified 10/06/2026 11:58
  • Meduza Stealer uses
    Family
    Published 20/08/2025 18:39 · Modified 20/08/2025 18:39
  • Matryoshka
  • InvisibleFerrett uses
    Family
    Published 18/03/2026 10:49 · Modified 18/03/2026 10:49
  • Anivia uses
    Family
    Published 04/12/2025 10:32 · Modified 04/12/2025 10:32
  • Mispadu uses
    Family
    Published 18/12/2024 19:17 · Modified 18/12/2024 19:17
  • AI Photo and Video Editor uses
    Family
    Published 30/04/2026 23:40 · Modified 30/04/2026 23:40
  • GOSAR uses
    Family
    Published 16/12/2024 12:44 · Modified 16/12/2024 12:44
  • Explosive
  • TutClient
  • PURESTEALER uses
    Family
    Published 31/10/2024 15:14 · Modified 31/10/2024 15:14
  • ClipBanker uses
    Family
    Published 09/04/2026 09:57 · Modified 09/04/2026 09:57
  • DarkCrystal
  • KimJongRAT uses
    Family
    Published 24/11/2025 11:59 · Modified 24/11/2025 11:59
  • PlugX - S0013 uses
    Family
    Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
  • DarkKomet uses
    Family
    Published 16/06/2026 09:50 · Modified 16/06/2026 09:50
  • YASS uses
    Family
    Published 11/09/2024 08:02 · Modified 11/09/2024 08:02
  • KarstoRAT uses
    Family
    Published 30/04/2026 14:20 · Modified 30/04/2026 14:20
  • Atlas RAT uses
    Family
    Published 03/06/2026 12:55 · Modified 03/06/2026 12:55
  • TeamsClutch uses
    Family
    Published 28/10/2025 03:41 · Modified 28/10/2025 03:41
  • Earth Preta
  • StarProxy uses
    Family
    Published 16/04/2025 20:35 · Modified 16/04/2025 20:35
  • MustardSandwich uses
    Family
    Published 11/09/2024 08:02 · Modified 11/09/2024 08:02
  • PureCrypter uses
    Family
    Published 10/10/2025 08:25 · Modified 10/10/2025 08:25
  • Daserf
  • PS1Bot uses
    Family
    Published 05/09/2025 02:14 · Modified 05/09/2025 02:14
  • Triada uses
    Family
    Published 17/02/2026 12:39 · Modified 17/02/2026 12:39
  • DigitStealer uses
    Family
    Published 02/02/2026 22:44 · Modified 02/02/2026 22:44
  • Action RAT - S1028 uses
    Family
    Published 29/07/2024 10:59 · Modified 29/07/2024 10:59
  • AppSuite uses
    Family
    Published 10/12/2025 19:31 · Modified 10/12/2025 19:31
  • Cthulhu uses
    Family
    Published 15/04/2026 14:59 · Modified 15/04/2026 14:59
  • 0bj3ctivity Stealer uses
    Family
    Published 12/08/2024 11:26 · Modified 12/08/2024 11:26
  • TinkyWinkey uses
    Family
    Published 01/09/2025 09:54 · Modified 01/09/2025 09:54
  • qaxreporter.exe uses
    Family
    Published 10/04/2025 18:50 · Modified 10/04/2025 18:50
  • SLOTHFULMEDIA

Reports (50)

Vulnerabilities (CVE) (56)

CVE-2024-40711 KEV
9.8 Critical

Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.

Attack vector
Network
Published
17/10/2024
Modified
21/12/2025
Awaiting Analysis
CVE-2018-17480 KEV

Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted …

Published
08/06/2022
Modified
21/12/2025
CVE-2024-3400 KEV
10.0 Critical

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …

Attack vector
Network
Published
12/04/2024
Modified
21/12/2025
CVE-2026-3102
5.3 Medium

A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of …

Published
24/02/2026
Modified
24/02/2026
Awaiting Analysis
CVE-2025-6554 KEV
8.1 High

Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML …

Attack vector
Network
Published
02/07/2025
Modified
21/12/2025
Received
CVE-2024-21111
7.8 High

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily …

Attack vector
LOCAL
Published
17/04/2024
Modified
21/12/2025
CVE-2025-20362 KEV
6.5 Medium

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …

Attack vector
Network
Published
25/09/2025
Modified
21/12/2025
Analyzed
CVE-2025-55182 KEV
10.0 Critical

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …

Attack vector
Network
Published
05/12/2025
Modified
29/05/2026
Analyzed
CVE-2025-43520
7.1 High

A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, …

Published
12/12/2025
Modified
16/12/2025
Analyzed
CVE-2025-31277
8.8 High

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and …

Published
30/07/2025
Modified
31/07/2025
Analyzed
CVE-2025-43529
8.8 High

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS …

Published
17/12/2025
Modified
18/12/2025
Analyzed
CVE-2024-43461 KEV
8.8 High

Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web …

Attack vector
Network
Published
16/09/2024
Modified
21/12/2025
Analyzed
CVE-2016-5198 KEV
8.8 High

Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code …

Attack vector
NETWORK
Complexity
LOW
Published
19/01/2017
Modified
22/04/2026
CVE-2025-32463 KEV
9.3 Critical

Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow local attacker to leverage sudo’s -R (--chroot) …

Attack vector
Local
Published
29/09/2025
Modified
27/05/2026
Received
CVE-2023-27350 KEV
9.8 Critical

PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context …

Attack vector
Network
Published
21/04/2023
Modified
21/12/2025
CVE-2025-24277

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura …

Published
31/03/2025
Modified
01/04/2025
Awaiting Analysis
CVE-2025-20333 KEV
9.9 Critical

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …

Attack vector
Network
Published
25/09/2025
Modified
21/12/2025
Analyzed
CVE-2022-1388 KEV

F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, …

Published
10/05/2022
Modified
20/12/2025
CVE-2018-0802 KEV

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code …

Published
03/11/2021
Modified
20/12/2025
CVE-2025-10035 KEV
10.0 Critical

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to …

Attack vector
Network
Published
29/09/2025
Modified
29/05/2026
Awaiting Analysis
CVE-2025-1661
9.8 Critical

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, …

Attack vector
NETWORK
Published
11/03/2025
Modified
21/12/2025
Awaiting Analysis
CVE-2024-6327
9.9 Critical

In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization …

Attack vector
NETWORK
Published
24/07/2024
Modified
21/12/2025
Awaiting Analysis
CVE-2024-3721
6.3 Medium

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing …

Attack vector
NETWORK
Published
13/04/2024
Modified
21/12/2025
CVE-2023-3420
8.8 High

Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Attack vector
NETWORK
Published
26/06/2023
Modified
21/12/2025
CVE-2022-41352 KEV
9.8 Critical

Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other …

Attack vector
Network
Published
20/10/2022
Modified
20/12/2025
CVE-2024-7593 KEV
9.8 Critical

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass …

Attack vector
Network
Complexity
LOW
Published
13/08/2024
Modified
06/06/2026
CVE-2024-4577 KEV
9.8 Critical

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system …

Attack vector
Network
Published
12/06/2024
Modified
21/12/2025
Received
CVE-2024-47575 KEV
9.8 Critical

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager …

Attack vector
Network
Published
23/10/2024
Modified
21/12/2025
Analyzed
CVE-2022-38028 KEV
7.8 High

Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with …

Attack vector
Local
Published
23/04/2024
Modified
21/12/2025
CVE-2017-5070 KEV
8.8 High

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a …

Attack vector
NETWORK
Complexity
LOW
Published
27/10/2017
Modified
22/04/2026
CVE-2025-25256
9.8 Critical

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through …

Attack vector
Network
Published
12/08/2025
Modified
27/05/2026
Received
CVE-2024-4058
8.8 High

Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Attack vector
NETWORK
Published
01/05/2024
Modified
21/12/2025
Awaiting Analysis
CVE-2018-6065 KEV

Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted …

Published
08/06/2022
Modified
21/12/2025
CVE-2017-5030 KEV
8.8 High

Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. …

Attack vector
NETWORK
Complexity
LOW
Published
25/04/2017
Modified
22/04/2026
CVE-2020-6418 KEV

Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML …

Published
03/11/2021
Modified
21/12/2025
CVE-2024-45519 KEV
10.0 Critical

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before …

Attack vector
Network
Published
03/10/2024
Modified
21/12/2025
Analyzed
CVE-2016-1646 KEV
8.8 High

Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly …

Attack vector
NETWORK
Complexity
LOW
Published
29/03/2016
Modified
22/04/2026
CVE-2025-43510
7.8 High

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS …

Published
12/12/2025
Modified
18/12/2025
Analyzed
CVE-2025-14174
8.8 High

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out …

Published
12/12/2025
Modified
15/12/2025
Analyzed
CVE-2025-59287 KEV
9.8 Critical

Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.

Attack vector
Network
Published
24/10/2025
Modified
21/12/2025
Undergoing Analysis
CVE-2025-2783 KEV
8.3 High

Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being …

Attack vector
Network
Published
27/03/2025
Modified
21/12/2025
Analyzed
CVE-2024-43093 KEV
7.3 High

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due …

Attack vector
Local
Published
07/11/2024
Modified
21/12/2025
Analyzed
CVE-2025-6543
9.2 Critical

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway …

Published
25/06/2025
Modified
26/06/2025
Awaiting Analysis
CVE-2025-61882 KEV
9.8 Critical

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. …

Attack vector
Network
Published
06/10/2025
Modified
21/12/2025
Modified
CVE-2024-40766 KEV
9.8 Critical

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in …

Attack vector
Network
Published
09/09/2024
Modified
21/12/2025
Analyzed
CVE-2017-11882 KEV
7.8 High

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Attack vector
Local
Complexity
Low
Published
15/11/2017
Modified
29/05/2026
CVE-2017-0199 KEV
7.8 High

Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …

Attack vector
LOCAL
Complexity
LOW
Published
12/04/2017
Modified
22/04/2026
CVE-2024-30051
7.8 High

Windows DWM Core Library Elevation of Privilege Vulnerability

Published
14/05/2024
Modified
14/05/2024
Awaiting Analysis
CVE-2018-17463 KEV

Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted …

Published
08/06/2022
Modified
21/12/2025
CVE-2025-20265
10.0 Critical

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to …

Attack vector
Network
Published
14/08/2025
Modified
27/05/2026
Awaiting Analysis
CVE-2025-2857
10.0 Critical

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process …

Attack vector
Network
Complexity
Low
Published
27/03/2025
Modified
13/04/2026

Attack patterns (MITRE) (1)

  • T1056 subtechnique-of
    Input Capture

Tool (1)

  • PcShare uses
    The MITRE Corporation Confidence 100

    [PcShare](https://attack.mitre.org/software/S1050) is an open source remote access tool that has been modified and used by Chinese threat actors, most notably during the FunnyDream campaign since late 2018.(Citation: Bitdefender …

    Published 13/10/2022 16:07 · Modified 27/03/2026 01:07