T1078.003: T1078.003

Search IOCs, vulnerabilities, APT…

216.73.216.6

← Back to attack patterns

View on MITRE ATT&CK The MITRE Corporation · Published 13/03/2020 21:26 · Modified 27/03/2026 01:12

Essential information

MITRE technique ID: T1078.003
Confidence: 100/100
Revoked: No
Published: 13/03/2020 21:26
Modified: 27/03/2026 01:12
Author / Source: The MITRE Corporation

Aliases

Local Accounts

Platforms

windows macos linux Network Devices Containers ESXi

Description

Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Local accounts are those configured by an organization for use by users, remote support, services, or for administration on a single system or service. Local Accounts may also be abused to elevate privileges and harvest credentials through [OS Credential Dumping](https://attack.mitre.org/techniques/T1003). Password reuse may allow the abuse of local accounts across a set of machines on a network for the purposes of Privilege Escalation and Lateral Movement.

Kill chain phases

Kill chain	Phase
mitre-attack	defense-evasion
mitre-attack	initial-access
mitre-attack	persistence
mitre-attack	privilege-escalation

Marking (TLP)

External references

mitre-attack (T1078.003)

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (33)

DragonForce uses

Ransomware.Live Confidence 100

No description available

First seen 01/01/1970 · Last seen 16/11/5138 ·
CozyDuke uses IRON RITUALIRON HEMLOCK

The MITRE Corporation Confidence 100

[APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April…

First seen 01/01/1970 · Last seen 16/11/5138 ·
ROOTBOY uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Jumpy Pisces uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Trigona uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Turla uses IRON HUNTERGroup 88

The MITRE Corporation Confidence 100

[Turla](https://attack.mitre.org/groups/G0010) is a cyber espionage threat group that has been attributed to Russia's Federal Security Service (FSB). They have compromised victims in over 50 countries since at least…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Tropic Trooper uses Pirate PandaKeyBoy

The MITRE Corporation Confidence 100

[Tropic Trooper](https://attack.mitre.org/groups/G0081) is an unaffiliated threat group that has led targeted campaigns against targets in Taiwan, the Philippines, and Hong Kong. [Tropic Trooper](https://attack.mitre.org/groups/G0081) focuses on targeting government, healthcare,…

First seen 01/01/1970 · Last seen 16/11/5138 ·
CrazyHunter uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
RansomEXX uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
rhysida uses

Ransomware.Live Confidence 100

Rhysida is a ransomware-as-a-service (RAAS) group that emerged in May 2023. The group utilizes a namesake ransomware through phishing attacks and Cobalt Strike to breach the targets' networks…

First seen 01/01/1970 · Last seen 16/11/5138 ·
PROMETHIUM uses StrongPity

The MITRE Corporation Confidence 100

[PROMETHIUM](https://attack.mitre.org/groups/G0056) is an activity group focused on espionage that has been active since at least 2012. The group has conducted operations globally with a heavy emphasis on Turkish…

First seen 01/01/1970 · Last seen 16/11/5138 ·
akira uses GOLD SAHARAPUNK SPIDER

The MITRE Corporation Confidence 100

The Akira ransomware group is said to have emerged in March 2023, and there's much speculation about its ties to the former CONTI ransomware group.<br> <br> It's worth…

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 3

1–12 of 33

ChrGetPdsi uses

Family
Mimikatz uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
LEMONSTICK uses

Family
Burntcigar uses
RomCom uses

Family
LockBit uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
BlackByteNT uses

Family
Sliver uses

Family
SystemBC uses

AlienVault Confidence 100

[SystemBC](https://attack.mitre.org/software/S9001) is a malware family offered as a malware-as-a-service (MaaS) that is used to establish command and control and facilitate follow-on activity, including ransomware deployment.[SystemBC](https://attack.mitre.org/software/S9001) executes a variety…

First seen 01/01/1970 · Last seen 16/11/5138 ·
AteraAgent uses

Family
Quasar RAT uses

Family
Trigona uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 6

1–12 of 63

Prinz Eugen ransomware: a deep dive into a … related

AlienVault Confidence 100 17 MITREs 1 Malware 16 IOCs 14 Observables 1 APT
OptinMonster supply chain attack hits 1.2 million sites related

AlienVault Confidence 100 20 MITREs 10 IOCs 10 Observables
Preinstall to persistence: Inside the npm Miasma credential-stealing … related

AlienVault Confidence 100 20 MITREs 6 IOCs 6 Observables
Threat landscape — insurance related

Confidence 100 199 MITREs 11 APTs
Unmasking DPRK Cyber Threat Actors: Fake IT Worker … related

AlienVault Confidence 100 16 MITREs 3 IOCs 3 Observables 1 APT
Live off the Land? How About Bringing Your … related

2 CVEs 20 MITREs 10 Malwares 5 Observables 1 APT
How a Tax Search Leads to Kernel-Mode AV/EDR … related

14 MITREs 2 Malwares 12 Observables
The DragonForce Cartel: Scattered Spider at the gate related

15 MITREs 5 Malwares 1 APT
Analysis of Trigona Threat Actor's Latest Attack Cases related

18 MITREs 2 Malwares 5 Observables 1 APT
Three Lazarus RATs coming for your cheese related

24 MITREs 1 APT
Warning Against Distribution of Malware Disguised as Research … related

14 MITREs 3 Observables 1 APT
CoffeeLoader: A Brew of Stealthy Techniques related

15 MITREs 3 Malwares 5 Observables

← Previous

Page / 2

1–12 of 21

Vulnerabilities (CVE) (18)

CVE-2024-23897 KEV targets

9.8 Critical

Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead …

Attack vector: Network
Published: 19/08/2024
Modified: 21/12/2025

CVE-2017-0199 KEV targets

7.8 High

Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …

Attack vector: LOCAL
Complexity: LOW
Published: 12/04/2017
Modified: 22/04/2026

CVE-2025-31199 targets

5.5 Medium

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, …

Attack vector: Local
Complexity: Low
Published: 30/05/2025
Modified: 02/04/2026

CWE-532 Awaiting Analysis

CVE-2025-31324 KEV targets

10.0 Critical

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …

Attack vector: Network
Published: 29/04/2025
Modified: 21/12/2025

Received

CVE-2024-27199 KEV targets

7.3 High

JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.

Attack vector: NETWORK
Complexity: LOW
Published: 04/03/2024
Modified: 22/04/2026

CWE-23 CWE-22

CVE-2021-22205 KEV targets

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse …

Published: 03/11/2021
Modified: 20/12/2025

← Previous

Page / 2

13–18 of 18

T1078 subtechnique-of

Valid Accounts MITRE

Course Of Action (2)

Password Policies mitigates
User Account Management mitigates

Campaign (4)

Leviathan Australian Intrusions uses
Operation Wocao uses
Anthropic AI-orchestrated Campaign uses
SolarWinds Compromise uses

Contact About Legal notice Privacy policy Terms of use