T1081: T1081
Essential information
- MITRE technique ID
- T1081
- Confidence
- 100/100
- Revoked
- No
- Published
- 20/12/2025 21:29
- Modified
- 27/05/2026 21:40
- Author / Source
- AlienVault
Description
No description.
Marking (TLP)
TLP:CLEAR
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (9)
- The MITRE Corporation Confidence 100
  [FIN7](https://attack.mitre.org/groups/G0046) is a financially-motivated threat group that has been active since 2013. [FIN7](https://attack.mitre.org/groups/G0046) has targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media,…
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation Confidence 100
  [Andariel](https://attack.mitre.org/groups/G0138) is a North Korean state-sponsored threat group that has been active since at least 2009. [Andariel](https://attack.mitre.org/groups/G0138) has primarily focused its operations--which have included destructive attacks--against South Korean…
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation Confidence 100
  [Sidewinder](https://attack.mitre.org/groups/G0121) is a suspected Indian threat actor group that has been active since at least 2012. They have been observed targeting government, military, and business entities throughout Asia,…
  First seen 01/01/1970 · Last seen 16/11/5138
- zEus uses · AlienVault Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Warzone uses · AlienVault Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Vietnamese group uses · AlienVault Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- breakcore uses · AlienVault Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- RedAlpha uses · AlienVault Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Coper uses · AlienVault Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Malware (34)
- Redline uses · Family
- Gigabud uses · Family
- AndarLoader uses · Family
- BlackCat uses
- Gremlin stealer uses · Family
- GuLoader - S0561 uses · AlienVault Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- ModeLoader uses · Family
- Tambir uses
- script.py uses
- VCURMS uses
- Lokibot - S0447 uses · Family
- AveMaria Stealer uses
Reports (5)
- AlienVault Confidence 100 · 20 MITREs · 5 Malwares · 12 IOCs · 12 Observables
- 16 MITREs · 5 Observables
- 20 MITREs · 1 Malware · 23 Observables · 1 APT
- 12 MITREs · 1 Malware · 18 Observables
- 12 MITREs · 1 Malware · 11 Observables
Vulnerabilities (CVE) (1)
Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability …
- Published
- 03/11/2021
- Modified
- 20/12/2025