T1087.001: T1087.001
Essential information
- MITRE technique ID
T1087.001- Confidence
- 100/100
- Revoked
- No
- Published
- 21/02/2020 22:07
- Modified
- 21/04/2026 11:28
- Author / Source
- The MITRE Corporation
Aliases
Local Account
Platforms
windows macos linux ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | discovery |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (35)
-
UAC-0006 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Poseidon Group usesThe MITRE Corporation Confidence 100
[Poseidon Group](https://attack.mitre.org/groups/G0033) is a Portuguese-speaking threat group that has been active since at least 2005. The group has a history of using information exfiltrated from victims to blackmail…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Sukob usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Medusa Group usesThe MITRE Corporation Confidence 100
[Medusa Group](https://attack.mitre.org/groups/G1051) has been active since at least 2021 and was initially operated as a closed ransomware group before evolving into a Ransomware-as-a-Service (RaaS) operation. Some reporting indicates…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[TA551](https://attack.mitre.org/groups/G0127) is a financially-motivated threat group that has been active since at least 2018. (Citation: Secureworks GOLD CABIN) The group has primarily targeted English, German, Italian, and Japanese…
First seen 01/01/1970 · Last seen 16/11/5138 · -
BlackCat usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RedCurl usesThe MITRE Corporation Confidence 100
[RedCurl](https://attack.mitre.org/groups/G1039) is a threat actor active since 2018 notable for corporate espionage targeting a variety of locations, including Ukraine, Canada and the United Kingdom, and a variety of…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Lunar Spider usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT32](https://attack.mitre.org/groups/G0050) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT3](https://attack.mitre.org/groups/G0022) is a China-based threat group that researchers have attributed to China's Ministry of State Security.(Citation: FireEye Clandestine Wolf)(Citation: Recorded Future APT3 May 2017) This group is responsible…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (69)
-
Pikabot usesThe MITRE Corporation Confidence 100
[Pikabot](https://attack.mitre.org/software/S1145) is a backdoor used for initial access and follow-on tool deployment active since early 2023. [Pikabot](https://attack.mitre.org/software/S1145) is notable for extensive use of multiple encoding, encryption, and defense…
First seen 01/01/1970 · Last seen 16/11/5138 · -
BackConnect usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GOVERSHELL usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
W32.Stuxnet usesThe MITRE Corporation Confidence 100
[Stuxnet](https://collaborate.mitre.org/attackics/index.php/Software/S0010) was the first publicly reported piece of malware to specifically target industrial control systems devices. Stuxnet is a large and complex piece of malware that utilized multiple…
First seen 01/01/1970 · Last seen 16/11/5138 · -
ShadowPad - S0596 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SquidDoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TONESHELL usesThe MITRE Corporation Confidence 100
[TONESHELL](https://attack.mitre.org/software/S1239) is a custom backdoor that has been used since at least Q1 2021.(Citation: Palo Alto Unit42 STATELY TAURUS TONESHELL September 2023) [TONESHELL](https://attack.mitre.org/software/S1239) malware has previously been leveraged…
First seen 01/01/1970 · Last seen 16/11/5138 · -
POWERSTATS usesFamily The MITRE Corporation Confidence 100
[POWERSTATS](https://attack.mitre.org/software/S0223) is a PowerShell-based first stage backdoor used by [MuddyWater](https://attack.mitre.org/groups/G0069). (Citation: Unit 42 MuddyWater Nov 2017)
First seen 01/01/1970 · Last seen 16/11/5138 · -
Agamemnon downloader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
chromelevator usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
crypto-javascri usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BlueHammer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (23)
-
17 MITREs 7 Observables
-
25 MITREs 2 Malwares 9 Observables 1 APT
-
32 MITREs 6 Malwares
-
18 MITREs 8 Malwares 12 Observables 1 APT
-
1 CVE 26 MITREs 4 Malwares 20 Observables 1 APT
-
32 MITREs 6 Malwares 45 Observables
-
17 MITREs 3 Malwares 17 Observables 1 APT
-
6 MITREs 2 Malwares 1 Observable 1 APT
-
3 CVEs 32 MITREs 1 Malware 2 Observables 1 APT
-
33 MITREs 6 Malwares 33 Observables
-
10 MITREs 2 Malwares 31 Observables 1 APT
Vulnerabilities (CVE) (14)
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 14/05/2026
- Modified
- 18/06/2026
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
Campaign (2)
-
Operation CuckooBees uses
-
Operation Digital Eye uses
Tool (4)
-
Pupy usesThe MITRE Corporation Confidence 100
[Pupy](https://attack.mitre.org/software/S0192) is an open source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool. (Citation: GitHub Pupy) It is written in Python and can be generated as…
-
Net usesThe MITRE Corporation Confidence 100
The [Net](https://attack.mitre.org/software/S0039) utility is a component of the Windows operating system. It is used in command-line operations for control of users, groups, services, and network connections. (Citation: Microsoft…
-
BloodHound usesThe MITRE Corporation Confidence 100
[BloodHound](https://attack.mitre.org/software/S0521) is an Active Directory (AD) reconnaissance tool that can reveal hidden relationships and identify attack paths within an AD environment.(Citation: GitHub Bloodhound)(Citation: CrowdStrike BloodHound April 2018)(Citation: FoxIT…
-
PowerSploit usesThe MITRE Corporation Confidence 100
[PowerSploit](https://attack.mitre.org/software/S0194) is an open source, offensive security framework comprised of [PowerShell](https://attack.mitre.org/techniques/T1059/001) modules and scripts that perform a wide range of tasks related to penetration testing such as code…
Course Of Action (1)
-
Operating System Configuration mitigates