T1078.002: T1078.002
Essential information
- MITRE technique ID
T1078.002- Confidence
- 100/100
- Revoked
- No
- Published
- 13/03/2020 21:21
- Modified
- 27/03/2026 01:11
- Author / Source
- The MITRE Corporation
Aliases
Domain Accounts
Platforms
windows macos linux ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
| mitre-attack | initial-access |
| mitre-attack | persistence |
| mitre-attack | privilege-escalation |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (48)
-
Helldown usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group attributed to the Reconnaissance General Bureau (RGB). (Citation: US-CERT HIDDEN COBRA June 2017) (Citation: Treasury North Korean Cyber…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Jumpy Pisces usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Agrius](https://attack.mitre.org/groups/G1030) is an Iranian threat actor active since 2020 notable for a series of ransomware and wiper operations in the Middle East, with an emphasis on Israeli targets.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
CL-STA-1132 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Tycoon Group usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
The Akira ransomware group is said to have emerged in March 2023, and there's much speculation about its ties to the former CONTI ransomware group.<br> <br> It's worth…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Water Bakunawa usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Fox Kitten](https://attack.mitre.org/groups/G0117) is threat actor with a suspected nexus to the Iranian government that has been active since at least 2017 against entities in the Middle East, North…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Silent Lynx usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[OilRig](https://attack.mitre.org/groups/G0049) is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including…
First seen 01/01/1970 · Last seen 16/11/5138 · -
BlackJack usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (55)
-
SuperBlack usesFamily
-
Korplug usesThe MITRE Corporation Confidence 100
[PlugX](https://attack.mitre.org/software/S0013) is a remote access tool (RAT) with modular plugins that has been used by multiple threat groups.(Citation: Lastline PlugX Analysis)(Citation: FireEye Clandestine Fox Part 2)(Citation: New DragonOK)(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Mimikatz usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
HemiGate usesFamily
-
Rust backdoor usesFamily
-
Cobalt Strike usesFamily
-
AdaptixC2 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ShadowPad - S0596 usesFamily
-
SSLoad usesFamily
-
Cactus usesFamily
-
BlackCat - S1068 usesFamily
-
FaceFish usesFamily
Reports (35)
-
AlienVault Confidence 100 20 MITREs 3 Malwares 16 IOCs 10 Observables
-
Threat landscape — Belgium relatedConfidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
-
Threat landscape — insurance relatedConfidence 100 199 MITREs 11 APTs
-
5 CVEs 14 MITREs 2 Malwares 5 Observables
-
12 CVEs 20 MITREs 2 Malwares 4 Observables 1 APT
-
26 MITREs 2 Malwares 19 Observables
-
20 MITREs 52 Observables 1 APT
-
12 CVEs 20 MITREs 1 Observable
-
15 MITREs 5 Malwares 1 APT
-
4 MITREs 1 APT
-
15 MITREs
-
9 MITREs 35 Observables 1 APT
Vulnerabilities (CVE) (40)
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 …
- Attack vector
- LOCAL
- Complexity
- LOW
- EPSS
- 0.0001 (P0.6%)
- Published
- 22/04/2026
- Modified
- 23/05/2026
Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207.
- Published
- 24/09/2025
- Modified
- 24/09/2025
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges. A …
- Attack vector
- LOCAL
- Published
- 15/10/2025
- Modified
- 21/12/2025
Campaign (8)
-
Operation Wocao uses
-
Operation CuckooBees uses
-
Leviathan Australian Intrusions uses
-
Operation MidnightEclipse uses
-
Night Dragon uses
-
Cutting Edge uses
-
2025 Poland Wiper Attacks uses
-
Operation Ghost uses
Course Of Action (4)
-
User Account Management mitigates
-
Privileged Account Management mitigates
-
User Training mitigates
-
Multi-factor Authentication mitigates