T1094: T1094
Essential information
- MITRE technique ID
T1094- Confidence
- 100/100
- Revoked
- No
- Published
- 20/12/2025 19:43
- Modified
- 29/05/2026 12:20
- Author / Source
- AlienVault
Description
No description.
Marking (TLP)
TLP:CLEAR
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (6)
-
The MITRE Corporation Confidence 100
[Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that has been conducting operations since at least 2012. [Mustang Panda](https://attack.mitre.org/groups/G0129) has been known to use tailored phishing lures…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter…
First seen 01/01/1970 · Last seen 16/11/5138 · -
CloudWizard usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ITG10 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Grayling usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RedEyes usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (23)
-
Orchard uses
-
Manjusaka uses
-
RustBucket usesFamily
-
AndroSpy uses
-
Atomic usesFamily
-
Trojan:Linux/Mirai uses
-
Korplug usesThe MITRE Corporation Confidence 100
[PlugX](https://attack.mitre.org/software/S0013) is a remote access tool (RAT) with modular plugins that has been used by multiple threat groups.(Citation: Lastline PlugX Analysis)(Citation: FireEye Clandestine Fox Part 2)(Citation: New DragonOK)(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Fastviewer uses
-
Gafgyt usesFamily
-
macOS uses
-
m2rat uses
-
Cobalt Strike usesFamily
Reports (3)
-
1 MITRE
-
3 MITREs 1 Malware 3 Observables
-
20 MITREs 2 Malwares 33 Observables 1 APT
Vulnerabilities (CVE) (3)
Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 27/04/2017
- Modified
- 22/04/2026
targets
GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse …
- Published
- 03/11/2021
- Modified
- 20/12/2025