T1110.001: T1110.001
Essential information
- MITRE technique ID
T1110.001- Confidence
- 100/100
- Revoked
- No
- Published
- 11/02/2020 19:38
- Modified
- 27/03/2026 01:08
- Author / Source
- The MITRE Corporation
Aliases
Password Guessing
Platforms
windows macos linux Network Devices Containers IaaS ESXi Office Suite Identity Provider SaaS
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | credential-access |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (10)
-
The Gentlemen usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Storm-0494 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Nexus Team usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Diicot usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Larva-26002 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UNC6240 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub…
First seen 01/01/1970 · Last seen 16/11/5138 · -
DragonForce usesRansomware.Live Confidence 100
No description available
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100
[VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a threat group assessed to operate on behalf of Iran’s Ministry of Intelligence and Security (MOIS).(Citation: Check Point VOID MANTICORE Handala Hack March 2026) Active…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (54)
-
China Chopper usesFamily The MITRE Corporation Confidence 100
[China Chopper](https://attack.mitre.org/software/S0020) is a [Web Shell](https://attack.mitre.org/techniques/T1505/003) hosted on Web servers to provide access back into an enterprise network that does not rely on an infected system calling back…
First seen 01/01/1970 · Last seen 16/11/5138 · -
DragonForce usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GodPotato usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Xbash usesFamily The MITRE Corporation Confidence 100
[Xbash](https://attack.mitre.org/software/S0341) is a malware family that has targeted Linux and Microsoft Windows servers. The malware has been tied to the Iron Group, a threat actor group known for…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Global usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Netcat usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Mamona usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CoinMiner usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
P.A.S. Webshell usesFamily The MITRE Corporation Confidence 100
[P.A.S. Webshell](https://attack.mitre.org/software/S0598) is a publicly available multifunctional PHP webshell in use since at least 2016 that provides remote access and execution on target web servers.(Citation: ANSSI Sandworm January…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Cobalt Strike Beacon usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
LockBit 5.0 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BlackCat - S1068 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (12)
-
AlienVault Confidence 100 20 MITREs 7 IOCs 7 Observables
-
AlienVault Confidence 100 1 CVE 20 MITREs 1 Malware 8 IOCs 8 Observables 1 APT
-
AlienVault Confidence 100 5 CVEs 20 MITREs 2 Malwares 18 IOCs 18 Observables
-
Threat landscape — Belgium relatedConfidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
-
Threat landscape — insurance relatedConfidence 100 199 MITREs 11 APTs
-
3 CVEs 20 MITREs 1 Malware 25 Observables
-
AlienVault Confidence 100 22 MITREs 2 Malwares 29 IOCs 29 Observables
-
2 CVEs 19 MITREs 2 Malwares 14 Observables 1 APT
-
AlienVault Confidence 100 18 MITREs 9 Malwares 5 IOCs 5 Observables 1 APT
-
16 MITREs 10 Malwares 1 Observable
-
AlienVault Confidence 100 4 CVEs 11 MITREs 7 Malwares 4 IOCs 4 Observables 1 APT
-
5 MITREs 1 Malware 36 Observables 1 APT
Vulnerabilities (CVE) (17)
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing …
- Attack vector
- NETWORK
- Published
- 13/04/2024
- Modified
- 21/12/2025
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …
- Attack vector
- Network
- Published
- 08/01/2025
- Modified
- 21/12/2025
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before …
- Attack vector
- Network
- Published
- 04/04/2025
- Modified
- 21/12/2025
Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed.
- Attack vector
- Network
- Published
- 07/03/2023
- Modified
- 04/06/2026
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an …
- Attack vector
- Network
- Published
- 30/07/2024
- Modified
- 27/05/2026
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 11/06/2026
- Modified
- 12/06/2026
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to …
- EPSS
- 0.0230 (P85.0%)
- Published
- 04/06/2026
- Modified
- 04/06/2026
- Published
- 20/12/2025
- Modified
- 20/12/2025
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes …
- Attack vector
- NETWORK
- Published
- 03/11/2025
- Modified
- 07/02/2026
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed …
- EPSS
- 0.0037 (P58.9%)
- Published
- 04/06/2026
- Modified
- 04/06/2026
Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
- Published
- 28/03/2022
- Modified
- 21/12/2025
Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow local attacker to leverage sudo’s -R (--chroot) …
- Attack vector
- Local
- Published
- 29/09/2025
- Modified
- 27/05/2026
Course Of Action (4)
-
Update Software mitigates
-
Password Policies mitigates
-
Multi-factor Authentication mitigates
-
Account Use Policies mitigates
Tool (1)
-
CrackMapExec usesThe MITRE Corporation Confidence 100
[CrackMapExec](https://attack.mitre.org/software/S0488), or CME, is a post-exploitation tool developed in Python and designed for penetration testing against networks. [CrackMapExec](https://attack.mitre.org/software/S0488) collects Active Directory information to conduct lateral movement through targeted…