T1078.003: T1078.003
Essential information
- MITRE technique ID
T1078.003- Confidence
- 100/100
- Revoked
- No
- Published
- 13/03/2020 21:26
- Modified
- 27/03/2026 01:12
- Author / Source
- The MITRE Corporation
Aliases
Local Accounts
Platforms
windows macos linux Network Devices Containers ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
| mitre-attack | initial-access |
| mitre-attack | persistence |
| mitre-attack | privilege-escalation |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (33)
-
play usesThe MITRE Corporation Confidence 100
Initially observed in June 2022, the Play ransomware (a.k.a PlayCrypt) operates through double extortion, targeting numerous organizations in Latin America. Its Initial Access method is quite similar to…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BlackJack usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[HAFNIUM](https://attack.mitre.org/groups/G0125) is a likely state-sponsored cyber espionage group operating out of China that has been active since at least January 2021. [HAFNIUM](https://attack.mitre.org/groups/G0125) primarily targets entities in the US…
First seen 01/01/1970 · Last seen 16/11/5138 · -
LockBit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
FIN10 usesThe MITRE Corporation Confidence 100
[FIN10](https://attack.mitre.org/groups/G0051) is a financially motivated threat group that has targeted organizations in North America since at least 2013 through 2016. The group uses stolen data exfiltrated from victims…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Agenda relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Weaver Ant relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (63)
-
ChrGetPdsi usesFamily
-
Mimikatz usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
LEMONSTICK usesFamily
-
Burntcigar uses
-
RomCom usesFamily
-
LockBit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BlackByteNT usesFamily
-
Sliver usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SystemBC usesAlienVault Confidence 100
[SystemBC](https://attack.mitre.org/software/S9001) is a malware family offered as a malware-as-a-service (MaaS) that is used to establish command and control and facilitate follow-on activity, including ransomware deployment.[SystemBC](https://attack.mitre.org/software/S9001) executes a variety…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AteraAgent usesFamily
-
Quasar RAT usesFamily
-
Trigona usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (21)
-
26 MITREs 2 Malwares 1 Observable 1 APT
-
4 CVEs 19 MITREs 1 Malware 15 Observables 1 APT
-
Play Ransomware Engagement related17 MITREs 3 Malwares 1 APT
-
1 CVE 16 MITREs 1 Observable
-
15 MITREs 2 Malwares 44 Observables 1 APT
-
14 MITREs 4 Malwares 106 Observables 1 APT
-
20 MITREs 3 Malwares 1 Observable 1 APT
-
21 MITREs 2 Malwares 4 Observables 1 APT
-
1 CVE 27 MITREs 1 Malware 18 Observables 1 APT
Vulnerabilities (CVE) (18)
Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead …
- Attack vector
- Network
- Published
- 19/08/2024
- Modified
- 21/12/2025
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/04/2017
- Modified
- 22/04/2026
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, …
- Attack vector
- Local
- Complexity
- Low
- Published
- 30/05/2025
- Modified
- 02/04/2026
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …
- Attack vector
- Network
- Published
- 29/04/2025
- Modified
- 21/12/2025
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/03/2024
- Modified
- 22/04/2026
GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse …
- Published
- 03/11/2021
- Modified
- 20/12/2025
Course Of Action (2)
-
Password Policies mitigates
-
User Account Management mitigates
Campaign (4)
-
Leviathan Australian Intrusions uses
-
Operation Wocao uses
-
Anthropic AI-orchestrated Campaign uses
-
SolarWinds Compromise uses