T1078.002: T1078.002
Essential information
- MITRE technique ID
T1078.002- Confidence
- 100/100
- Revoked
- No
- Published
- 13/03/2020 21:21
- Modified
- 27/03/2026 01:11
- Author / Source
- The MITRE Corporation
Aliases
Domain Accounts
Platforms
windows macos linux ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
| mitre-attack | initial-access |
| mitre-attack | persistence |
| mitre-attack | privilege-escalation |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (48)
-
CL-CRI-1032 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Weaver Ant usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Indrik Spider](https://attack.mitre.org/groups/G0119) is a Russia-based cybercriminal group that has been active since at least 2014. [Indrik Spider](https://attack.mitre.org/groups/G0119) initially started with the [Dridex](https://attack.mitre.org/software/S0384) banking Trojan, and then by 2017…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100
[VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a threat group assessed to operate on behalf of Iran’s Ministry of Intelligence and Security (MOIS).(Citation: Check Point VOID MANTICORE Handala Hack March 2026) Active…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Naikon usesThe MITRE Corporation Confidence 100
[Naikon](https://attack.mitre.org/groups/G0019) is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover…
First seen 01/01/1970 · Last seen 16/11/5138 · -
CL-STA-0048 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ransomhouse usesRansomware.Live Confidence 100
No description available
First seen 01/01/1970 · Last seen 16/11/5138 · -
FROZEN#SHADOW usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CrazyHunter usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT3](https://attack.mitre.org/groups/G0022) is a China-based threat group that researchers have attributed to China's Ministry of State Security.(Citation: FireEye Clandestine Wolf)(Citation: Recorded Future APT3 May 2017) This group is responsible…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT5](https://attack.mitre.org/groups/G1023) is a China-based espionage actor that has been active since at least 2007 primarily targeting the telecommunications, aerospace, and defense industries throughout the U.S., Europe, and Asia.…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Agenda relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (55)
-
SuperBlack usesFamily
-
Korplug usesThe MITRE Corporation Confidence 100
[PlugX](https://attack.mitre.org/software/S0013) is a remote access tool (RAT) with modular plugins that has been used by multiple threat groups.(Citation: Lastline PlugX Analysis)(Citation: FireEye Clandestine Fox Part 2)(Citation: New DragonOK)(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Mimikatz usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
HemiGate usesFamily
-
Rust backdoor usesFamily
-
Cobalt Strike usesFamily
-
AdaptixC2 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ShadowPad - S0596 usesFamily
-
SSLoad usesFamily
-
Cactus usesFamily
-
BlackCat - S1068 usesFamily
-
FaceFish usesFamily
Reports (35)
-
AlienVault Confidence 100 20 MITREs 3 Malwares 16 IOCs 10 Observables
-
Threat landscape — Belgium relatedConfidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
-
Threat landscape — insurance relatedConfidence 100 199 MITREs 11 APTs
-
5 CVEs 14 MITREs 2 Malwares 5 Observables
-
12 CVEs 20 MITREs 2 Malwares 4 Observables 1 APT
-
26 MITREs 2 Malwares 19 Observables
-
20 MITREs 52 Observables 1 APT
-
12 CVEs 20 MITREs 1 Observable
-
15 MITREs 5 Malwares 1 APT
-
4 MITREs 1 APT
-
15 MITREs
-
9 MITREs 35 Observables 1 APT
Vulnerabilities (CVE) (40)
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 …
- Attack vector
- LOCAL
- Complexity
- LOW
- EPSS
- 0.0001 (P0.6%)
- Published
- 22/04/2026
- Modified
- 23/05/2026
Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207.
- Published
- 24/09/2025
- Modified
- 24/09/2025
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges. A …
- Attack vector
- LOCAL
- Published
- 15/10/2025
- Modified
- 21/12/2025
Campaign (8)
-
Operation Wocao uses
-
Operation CuckooBees uses
-
Leviathan Australian Intrusions uses
-
Operation MidnightEclipse uses
-
Night Dragon uses
-
Cutting Edge uses
-
2025 Poland Wiper Attacks uses
-
Operation Ghost uses
Course Of Action (4)
-
User Account Management mitigates
-
Privileged Account Management mitigates
-
User Training mitigates
-
Multi-factor Authentication mitigates