T1110.003: T1110.003
Essential information
- MITRE technique ID
T1110.003- Confidence
- 100/100
- Revoked
- No
- Published
- 11/02/2020 19:39
- Modified
- 22/06/2026 11:30
- Author / Source
- The MITRE Corporation
Aliases
Password Spraying
Platforms
windows macos linux Network Devices Containers IaaS ESXi Office Suite Identity Provider SaaS
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | credential-access |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (16)
-
The MITRE Corporation Confidence 100
[HAFNIUM](https://attack.mitre.org/groups/G0125) is a likely state-sponsored cyber espionage group operating out of China that has been active since at least January 2021. [HAFNIUM](https://attack.mitre.org/groups/G0125) primarily targets entities in the US…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group attributed to the Reconnaissance General Bureau (RGB). (Citation: US-CERT HIDDEN COBRA June 2017) (Citation: Treasury North Korean Cyber…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT33](https://attack.mitre.org/groups/G0064) is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
UNC1549 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Saint Bear](https://attack.mitre.org/groups/G1031) is a Russian-nexus threat actor active since early 2021, primarily targeting entities in Ukraine and Georgia. The group is notable for a specific remote access tool,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
RansomHub usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Silent Librarian](https://attack.mitre.org/groups/G0122) is a group that has targeted research and proprietary data at universities, government agencies, and private sector companies worldwide since at least 2013. Members of [Silent…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Chimera usesThe MITRE Corporation Confidence 100
[Chimera](https://attack.mitre.org/groups/G0114) is a suspected China-based threat group that has been active since at least 2018 targeting the semiconductor industry in Taiwan as well as data from the airline…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (34)
-
PDQ usesFamily
-
StageComp usesFamily
-
DinDoor usesFamily
-
FakeSet usesFamily
-
EKZ Infostealer usesFamily
-
Metasploit usesFamily
-
DcRAT usesFamily
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Global usesFamily
-
ZeroCleare usesFamily The MITRE Corporation Confidence 100
[ZeroCleare](https://attack.mitre.org/software/S1151) is a wiper malware that has been used in conjunction with the [RawDisk](https://attack.mitre.org/software/S0364) driver since at least 2019 by suspected Iran-nexus threat actors including activity targeting the…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (7)
-
AlienVault Confidence 100 20 MITREs 7 IOCs 7 Observables
-
Threat landscape — insurance relatedConfidence 100 199 MITREs 11 APTs
-
1 CVE 20 MITREs 10 Malwares 1 Observable 1 APT
-
8 MITREs 16 Observables 1 APT
-
25 MITREs 2 Malwares 9 Observables 1 APT
-
11 MITREs 1 Malware 9 Observables 1 APT
-
9 CVEs 23 MITREs 4 Malwares 14 Observables 1 APT
Vulnerabilities (CVE) (15)
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or …
- Attack vector
- Network
- Published
- 13/06/2023
- Modified
- 21/12/2025
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …
- Attack vector
- Local
- Published
- 03/11/2021
- Modified
- 27/05/2026
Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.
- Attack vector
- Network
- Published
- 19/07/2023
- Modified
- 27/05/2026
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
- Attack vector
- Network
- Published
- 25/03/2024
- Modified
- 21/12/2025
Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain …
- Attack vector
- NETWORK
- Complexity
- LOW
- EPSS
- 0.9410 (P99.9%)
- Published
- 06/05/2017
- Modified
- 22/04/2026
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/04/2026
- Modified
- 09/04/2026
Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this …
- Published
- 28/01/2022
- Modified
- 21/12/2025
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 13/05/2026
- Modified
- 10/06/2026
Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts …
- Attack vector
- Network
- Published
- 05/10/2023
- Modified
- 21/12/2025
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 17/03/2017
- Modified
- 22/04/2026
F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow …
- Attack vector
- Network
- Published
- 31/10/2023
- Modified
- 21/12/2025
Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways …
- Attack vector
- Network
- Published
- 30/05/2024
- Modified
- 04/03/2026
Course Of Action (3)
-
Password Policies mitigates
-
Multi-factor Authentication mitigates
-
Account Use Policies mitigates
Campaign (2)
-
Quad7 Activity uses
-
APT28 Nearest Neighbor Campaign uses
Tool (2)
-
MailSniper usesThe MITRE Corporation Confidence 100
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be…
-
CrackMapExec usesThe MITRE Corporation Confidence 100
[CrackMapExec](https://attack.mitre.org/software/S0488), or CME, is a post-exploitation tool developed in Python and designed for penetration testing against networks. [CrackMapExec](https://attack.mitre.org/software/S0488) collects Active Directory information to conduct lateral movement through targeted…