T1114: T1114
Essential information
- MITRE technique ID: T1114
- Confidence: 100/100
- Revoked: No
- Published: 31/05/2017 23:31
- Modified: 27/03/2026 01:08
- Author / Source: The MITRE Corporation
Aliases
Email Collection
Platforms
Windows, macOS, Linux, Office Suite
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | collection |
Marking (TLP)
TLP:CLEAR

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (59)
- Poisson · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- RansomHub · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Russia · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Saint Bear](https://attack.mitre.org/groups/G1031) is a Russian-nexus threat actor active since early 2021, primarily targeting entities in Ukraine and Georgia. The group is notable for a specific remote access tool,…
  First seen 01/01/1970 · Last seen 16/11/5138
- Sandworm · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Scattered Spider](https://attack.mitre.org/groups/G1015) is a native English-speaking cybercriminal group active since at least 2022. (Citation: CrowdStrike Scattered Spider Profile) (Citation: MSTIC Octo Tempest Operations October 2023) The group initially…
  First seen 01/01/1970 · Last seen 16/11/5138
- ShinyHunters · related · AlienVault · Confidence 100
  No description available
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Silent Librarian](https://attack.mitre.org/groups/G0122) is a group that has targeted research and proprietary data at universities, government agencies, and private sector companies worldwide since at least 2013. Members of [Silent…
  First seen 01/01/1970 · Last seen 16/11/5138
- Snake Keylogger · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- SneakyChef · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Stone Wolf · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Malware (71)
- Stuxnet - S0603 · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- SampleCheck5000 · uses · Family · The MITRE Corporation · Confidence 100
  [SampleCheck5000](https://attack.mitre.org/software/S1168) is a downloader with multiple variants that was used by [OilRig](https://attack.mitre.org/groups/G0049) including during the [Outer Space](https://attack.mitre.org/campaigns/C0042) campaign to download and execute additional payloads. (Citation: ESET OilRig Campaigns…
  First seen 01/01/1970 · Last seen 16/11/5138
- Warp Stealer · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- XWorm · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Zagrebator.Dropper · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Vgod · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- AndeLoader · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- W32.Stuxnet · uses · The MITRE Corporation · Confidence 100
  [Stuxnet](https://collaborate.mitre.org/attackics/index.php/Software/S0010) was the first publicly reported piece of malware to specifically target industrial control systems devices. Stuxnet is a large and complex piece of malware that utilized multiple…
  First seen 01/01/1970 · Last seen 16/11/5138
- Kali365 · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Hodur · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- PS1Bot · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Reports (50)
- AlienVault · Confidence 100 · 1 CVE · 18 MITREs · 2 IOCs · 2 Observables · 1 APT
- 10 MITREs
- 20 MITREs · 3 Malwares · 7 Observables · 1 APT
- MAAS VIP_Keylogger Campaign · related · 7 MITREs · 1 Malware · 5 Observables
- 17 MITREs · 1 Malware · 9 Observables · 1 APT
- 15 MITREs · 1 Malware · 1 Observable
- 14 MITREs · 1 Observable
- 14 MITREs · 1 Malware · 29 Observables
- 1 MITRE · 1 Malware · 1 APT
- 24 MITREs · 3 Malwares · 147 Observables · 1 APT
- 1 CVE · 20 MITREs · 6 Malwares · 20 Observables · 1 APT
- 12 MITREs · 1 Malware · 12 Observables · 1 APT
Vulnerabilities (CVE) (48)
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …
- Attack vector: Network
- Published: 05/12/2025
- Modified: 29/05/2026
Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
- Published: 04/04/2022
- Modified: 20/12/2025
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.
- Published: 03/11/2021
- Modified: 29/05/2026
Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during …
- Attack vector: NETWORK
- Published: 21/08/2024
- Modified: 14/01/2026
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, …
- Attack vector: NETWORK
- Published: 11/03/2025
- Modified: 21/12/2025
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass in limited scenarios. This issue affects MOVEit Transfer: from …
- Attack vector: NETWORK
- Published: 25/06/2024
- Modified: 21/12/2025
Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be …
- Attack vector: Network
- Published: 30/06/2025
- Modified: 21/12/2025
A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.
- Attack vector: Network
- Published: 23/09/2022
- Modified: 27/05/2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. …
- Attack vector: NETWORK
- Published: 18/10/2023
- Modified: 21/12/2025
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP'.
- Published: 10/01/2022
- Modified: 20/12/2025
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker …
- Attack vector: LOCAL
- Published: 23/03/2022
- Modified: 21/12/2025
Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could …
- Attack vector: LOCAL
- Published: 26/01/2026
- Modified: 27/03/2026
Course Of Action (3)
- Multi-factor Authentication · mitigates
- Out-of-Band Communications Channel · mitigates
- Encrypt Sensitive Information · mitigates