T1074: T1074
Essential information
- MITRE technique ID
T1074- Confidence
- 100/100
- Revoked
- No
- Published
- 31/05/2017 23:30
- Modified
- 27/03/2026 01:10
- Author / Source
- The MITRE Corporation
Aliases
Data Staged
Platforms
windows macos linux IaaS ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | collection |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (52)
-
Sapphire Werewolf usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Crimson Collective usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Sea Turtle](https://attack.mitre.org/groups/G1041) is a Türkiye-linked threat actor active since at least 2017 performing espionage and service provider compromise operations against victims in Asia, Europe, and North America. [Sea…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Daggerfly](https://attack.mitre.org/groups/G1034) is a People's Republic of China-linked APT entity active since at least 2012. [Daggerfly](https://attack.mitre.org/groups/G1034) has targeted individuals, government and NGO entities, and telecommunication companies in Asia and…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100
[VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a threat group assessed to operate on behalf of Iran’s Ministry of Intelligence and Security (MOIS).(Citation: Check Point VOID MANTICORE Handala Hack March 2026) Active…
First seen 01/01/1970 · Last seen 16/11/5138 · -
DPRK usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Stargazer Goblin usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UAC-0173 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Lazarus usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
PhantomCaptcha usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[INC Ransom](https://attack.mitre.org/groups/G1032) is a ransomware and data extortion threat group associated with the deployment of [INC Ransomware](https://attack.mitre.org/software/S1139) that has been active since at least July 2023. [INC Ransom](https://attack.mitre.org/groups/G1032)…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (80)
-
Windows Locker usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Smokeloader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Cuckoo usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Acres usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
XWorm usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Dolphin usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
NetSupport usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
MintLoader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
12 MITREs 3 Observables 1 APT
-
21 MITREs 4 Malwares 1 APT
-
16 MITREs 2 Malwares 1 APT
-
15 MITREs 1 Malware 97 Observables
-
19 MITREs 4 Malwares 1 APT
-
9 MITREs 1 Malware
-
14 MITREs 5 Observables
-
8 MITREs 1 Malware 1 APT
-
17 MITREs 1 Malware 2 Observables 1 APT
-
16 MITREs 2 Observables 1 APT
-
18 MITREs 1 Malware 9 Observables 1 APT
-
1 CVE 13 MITREs 1 Malware 11 Observables 1 APT
Vulnerabilities (CVE) (63)
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated …
- Attack vector
- NETWORK
- Published
- 23/12/2022
- Modified
- 19/01/2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and …
- Attack vector
- NETWORK
- Published
- 18/07/2023
- Modified
- 21/12/2025
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an …
- Attack vector
- NETWORK
- Published
- 20/07/2023
- Modified
- 21/12/2025
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the …
- Attack vector
- NETWORK
- Published
- 03/04/2023
- Modified
- 21/12/2025
Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a …
- Attack vector
- NETWORK
- Published
- 02/08/2023
- Modified
- 21/12/2025
Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.
- Attack vector
- LOCAL
- Published
- 14/01/2025
- Modified
- 21/12/2025
ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
- Published
- 03/11/2021
- Modified
- 21/12/2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 …
- Attack vector
- NETWORK
- Published
- 22/01/2026
- Modified
- 28/01/2026
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
- Published
- 20/12/2025
- Modified
- 21/12/2025
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, …
- Attack vector
- Network
- Published
- 19/05/2025
- Modified
- 21/12/2025
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss …
- Attack vector
- NETWORK
- Published
- 30/01/2023
- Modified
- 21/12/2025
Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing …
- Attack vector
- Network
- Published
- 31/03/2025
- Modified
- 28/01/2026