T1114: T1114
Essential information
- MITRE technique ID
T1114- Confidence
- 100/100
- Revoked
- No
- Published
- 31/05/2017 23:31
- Modified
- 27/03/2026 01:08
- Author / Source
- The MITRE Corporation
Aliases
Email Collection
Platforms
windows macos linux Office Suite
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | collection |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (59)
-
Poisson relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RansomHub relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Russia relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Saint Bear](https://attack.mitre.org/groups/G1031) is a Russian-nexus threat actor active since early 2021, primarily targeting entities in Ukraine and Georgia. The group is notable for a specific remote access tool,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Sandworm relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Scattered Spider](https://attack.mitre.org/groups/G1015) is a native English-speaking cybercriminal group active since at least 2022. (Citation: CrowdStrike Scattered Spider Profile) (Citation: MSTIC Octo Tempest Operations October 2023) The group initially…
First seen 01/01/1970 · Last seen 16/11/5138 · -
ShinyHunters relatedAlienVault Confidence 100
No description available
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Silent Librarian](https://attack.mitre.org/groups/G0122) is a group that has targeted research and proprietary data at universities, government agencies, and private sector companies worldwide since at least 2013. Members of [Silent…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Snake Keylogger relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SneakyChef relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Stone Wolf relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (71)
-
HealthKick usesFamily
-
Amos Atomic usesFamily
-
Banshee usesFamily
-
Latrodectus - S1160 usesFamily
-
Cobalt Strike usesFamily
-
Sneaky2FA usesFamily
-
DWP usesFamily
-
BianLian usesFamily
-
StealC usesFamily
-
Trigona usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Covenant Grunt usesFamily
-
CommonMagic uses
Reports (50)
-
AlienVault Confidence 100 20 MITREs 5 Malwares 27 IOCs 27 Observables
-
AlienVault Confidence 100 20 MITREs 7 IOCs 7 Observables
-
AlienVault Confidence 100 12 MITREs 4 IOCs 4 Observables
-
"Ghost" Code Phishing Analysis relatedAlienVault Confidence 100 20 MITREs 1 Malware
-
AlienVault Confidence 100 20 MITREs 3 IOCs 3 Observables
-
AlienVault Confidence 100 20 MITREs 2 Malwares 13 IOCs 6 Observables 1 APT
-
AlienVault Confidence 100 16 MITREs 14 IOCs 14 Observables
-
16 MITREs
-
AlienVault Confidence 100 1 CVE 20 MITREs 1 Malware 8 IOCs 8 Observables 1 APT
-
AlienVault Confidence 100 28 MITREs 5 IOCs 5 Observables
-
AlienVault Confidence 100 20 MITREs 7 IOCs 7 Observables 1 APT
-
20 MITREs 39 Observables
Vulnerabilities (CVE) (48)
Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully …
- Published
- 03/03/2025
- Modified
- 20/12/2025
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML …
- Attack vector
- Network
- Published
- 02/07/2025
- Modified
- 21/12/2025
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 11/04/2022
- Modified
- 20/12/2025
Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow local attacker to leverage sudo’s -R (--chroot) …
- Attack vector
- Local
- Published
- 29/09/2025
- Modified
- 27/05/2026
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the …
- Attack vector
- Network
- Published
- 14/03/2023
- Modified
- 21/12/2025
Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead …
- Attack vector
- Network
- Published
- 19/08/2024
- Modified
- 21/12/2025
Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured …
- Attack vector
- Network
- Published
- 03/11/2021
- Modified
- 18/02/2026
Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has …
- Published
- 25/04/2022
- Modified
- 20/12/2025
Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 19/10/2017
- Modified
- 22/04/2026
Course Of Action (3)
-
Multi-factor Authentication mitigates
-
Out-of-Band Communications Channel mitigates
-
Encrypt Sensitive Information mitigates