T1078.002: T1078.002
Essential information
- MITRE technique ID
T1078.002- Confidence
- 100/100
- Revoked
- No
- Published
- 13/03/2020 21:21
- Modified
- 27/03/2026 01:11
- Author / Source
- The MITRE Corporation
Aliases
Domain Accounts
Platforms
windows macos linux ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
| mitre-attack | initial-access |
| mitre-attack | persistence |
| mitre-attack | privilege-escalation |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (48)
-
CloudComputating relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DragonForce relatedRansomware.Live Confidence 100
No description available
First seen 01/01/1970 · Last seen 16/11/5138 · -
FamousSparrow relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GLOBAL GROUP relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Handala Hack (Void Manticore) relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Locky relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Lunar Spider relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Mora_001 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
NoisyBear relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[TA505](https://attack.mitre.org/groups/G0092) is a cyber criminal group that has been active since at least 2014. [TA505](https://attack.mitre.org/groups/G0092) is known for frequently changing malware, driving global trends in criminal malware distribution,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Twelve relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (55)
-
SuperBlack usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Korplug usesThe MITRE Corporation Confidence 100
[PlugX](https://attack.mitre.org/software/S0013) is a remote access tool (RAT) with modular plugins that has been used by multiple threat groups.(Citation: Lastline PlugX Analysis)(Citation: FireEye Clandestine Fox Part 2)(Citation: New DragonOK)(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Mimikatz usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
HemiGate usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Rust backdoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Cobalt Strike usesFamily The MITRE Corporation Confidence 100
[Cobalt Strike](https://attack.mitre.org/software/S0154) is a commercial, full-featured, remote access tool that bills itself as “adversary simulation software designed to execute targeted attacks and emulate the post-exploitation actions of advanced…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AdaptixC2 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ShadowPad - S0596 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SSLoad usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Cactus usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BlackCat - S1068 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
FaceFish usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (35)
-
AlienVault Confidence 100 20 MITREs 3 Malwares 16 IOCs 10 Observables
-
Threat landscape — Belgium relatedConfidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
-
Threat landscape — insurance relatedConfidence 100 199 MITREs 11 APTs
-
5 CVEs 14 MITREs 2 Malwares 5 Observables
-
12 CVEs 20 MITREs 2 Malwares 4 Observables 1 APT
-
26 MITREs 2 Malwares 19 Observables
-
20 MITREs 52 Observables 1 APT
-
12 CVEs 20 MITREs 1 Observable
-
15 MITREs 5 Malwares 1 APT
-
4 MITREs 1 APT
-
15 MITREs
-
9 MITREs 35 Observables 1 APT
Vulnerabilities (CVE) (40)
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 …
- Attack vector
- LOCAL
- Complexity
- LOW
- EPSS
- 0.0001 (P0.6%)
- Published
- 22/04/2026
- Modified
- 23/05/2026
Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207.
- Published
- 24/09/2025
- Modified
- 24/09/2025
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges. A …
- Attack vector
- LOCAL
- Published
- 15/10/2025
- Modified
- 21/12/2025
Campaign (8)
-
Operation Wocao uses
-
Operation CuckooBees uses
-
Leviathan Australian Intrusions uses
-
Operation MidnightEclipse uses
-
Night Dragon uses
-
Cutting Edge uses
-
2025 Poland Wiper Attacks uses
-
Operation Ghost uses
Course Of Action (4)
-
User Account Management mitigates
-
Privileged Account Management mitigates
-
User Training mitigates
-
Multi-factor Authentication mitigates