T1110.001: T1110.001
Essential information
- MITRE technique ID
T1110.001- Confidence
- 100/100
- Revoked
- No
- Published
- 11/02/2020 19:38
- Modified
- 27/03/2026 01:08
- Author / Source
- The MITRE Corporation
Aliases
Password Guessing
Platforms
windows macos linux Network Devices Containers IaaS ESXi Office Suite Identity Provider SaaS
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | credential-access |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (10)
-
The Gentlemen usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Storm-0494 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Nexus Team usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Diicot usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Larva-26002 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UNC6240 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub…
First seen 01/01/1970 · Last seen 16/11/5138 · -
DragonForce usesRansomware.Live Confidence 100
No description available
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100
[VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a threat group assessed to operate on behalf of Iran’s Ministry of Intelligence and Security (MOIS).(Citation: Check Point VOID MANTICORE Handala Hack March 2026) Active…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (54)
-
Mirai usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CLRShell usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Quantum Locker usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ICE Cloud usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
JuicyPotato usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Devman usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BlackCat usesFamily The MITRE Corporation Confidence 100
[BlackCat](https://attack.mitre.org/software/S1068) is ransomware written in Rust that has been offered via the Ransomware-as-a-Service (RaaS) model. First observed November 2021, [BlackCat](https://attack.mitre.org/software/S1068) has been used to target multiple sectors and…
First seen 01/01/1970 · Last seen 16/11/5138 · -
HermeticWizard usesFamily The MITRE Corporation Confidence 100
[HermeticWizard](https://attack.mitre.org/software/S0698) is a worm that has been used to spread [HermeticWiper](https://attack.mitre.org/software/S0697) in attacks against organizations in Ukraine since at least 2022.(Citation: ESET Hermetic Wizard March 2022)
First seen 01/01/1970 · Last seen 16/11/5138 · -
Prometei usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Ransom:Win32/Snatch usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Pony usesFamily The MITRE Corporation Confidence 100
[Pony](https://attack.mitre.org/software/S0453) is a credential stealing malware, though has also been used among adversaries for its downloader capabilities. The source code for Pony Loader 1.0 and 2.0 were leaked…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (12)
-
AlienVault Confidence 100 20 MITREs 7 IOCs 7 Observables
-
AlienVault Confidence 100 1 CVE 20 MITREs 1 Malware 8 IOCs 8 Observables 1 APT
-
AlienVault Confidence 100 5 CVEs 20 MITREs 2 Malwares 18 IOCs 18 Observables
-
Threat landscape — Belgium relatedConfidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
-
Threat landscape — insurance relatedConfidence 100 199 MITREs 11 APTs
-
3 CVEs 20 MITREs 1 Malware 25 Observables
-
AlienVault Confidence 100 22 MITREs 2 Malwares 29 IOCs 29 Observables
-
2 CVEs 19 MITREs 2 Malwares 14 Observables 1 APT
-
AlienVault Confidence 100 18 MITREs 9 Malwares 5 IOCs 5 Observables 1 APT
-
16 MITREs 10 Malwares 1 Observable
-
AlienVault Confidence 100 4 CVEs 11 MITREs 7 Malwares 4 IOCs 4 Observables 1 APT
-
5 MITREs 1 Malware 36 Observables 1 APT
Vulnerabilities (CVE) (17)
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing …
- Attack vector
- NETWORK
- Published
- 13/04/2024
- Modified
- 21/12/2025
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …
- Attack vector
- Network
- Published
- 08/01/2025
- Modified
- 21/12/2025
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before …
- Attack vector
- Network
- Published
- 04/04/2025
- Modified
- 21/12/2025
Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed.
- Attack vector
- Network
- Published
- 07/03/2023
- Modified
- 04/06/2026
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an …
- Attack vector
- Network
- Published
- 30/07/2024
- Modified
- 27/05/2026
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 11/06/2026
- Modified
- 12/06/2026
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to …
- EPSS
- 0.0230 (P85.0%)
- Published
- 04/06/2026
- Modified
- 04/06/2026
- Published
- 20/12/2025
- Modified
- 20/12/2025
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes …
- Attack vector
- NETWORK
- Published
- 03/11/2025
- Modified
- 07/02/2026
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed …
- EPSS
- 0.0037 (P58.9%)
- Published
- 04/06/2026
- Modified
- 04/06/2026
Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
- Published
- 28/03/2022
- Modified
- 21/12/2025
Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow local attacker to leverage sudo’s -R (--chroot) …
- Attack vector
- Local
- Published
- 29/09/2025
- Modified
- 27/05/2026
Course Of Action (4)
-
Update Software mitigates
-
Password Policies mitigates
-
Multi-factor Authentication mitigates
-
Account Use Policies mitigates
Tool (1)
-
CrackMapExec usesThe MITRE Corporation Confidence 100
[CrackMapExec](https://attack.mitre.org/software/S0488), or CME, is a post-exploitation tool developed in Python and designed for penetration testing against networks. [CrackMapExec](https://attack.mitre.org/software/S0488) collects Active Directory information to conduct lateral movement through targeted…