T1115: T1115
Essential information
- MITRE technique ID
T1115- Confidence
- 100/100
- Revoked
- No
- Published
- 31/05/2017 23:31
- Modified
- 27/03/2026 01:09
- Author / Source
- The MITRE Corporation
Aliases
Clipboard Data
Platforms
windows macos linux
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | collection |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (50)
-
The MITRE Corporation Confidence 100
[Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group attributed to the Reconnaissance General Bureau (RGB). (Citation: US-CERT HIDDEN COBRA June 2017) (Citation: Treasury North Korean Cyber…
First seen 01/01/1970 · Last seen 16/11/5138 · -
GoldenJackal usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GoldFactory usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TaxOff usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
APT-C-26 (Lazarus) relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
APT-C-35 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Amadey relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Andariel](https://attack.mitre.org/groups/G0138) is a North Korean state-sponsored threat group that has been active since at least 2009. [Andariel](https://attack.mitre.org/groups/G0138) has primarily focused its operations--which have included destructive attacks--against South Korean…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Banshee relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Candiru relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Contagious Interview](https://attack.mitre.org/groups/G1052) is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials.…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (84)
-
GodRAT usesFamily
-
KarstoRAT usesFamily
-
SnappyClient usesFamily
-
SPECTR usesFamily
-
Astaroth - S0373 usesFamily
-
RedLine Stealer usesFamily
-
DeepCreep uses
-
Clipminer uses
-
DanaBot usesFamily
-
AsyncRAT usesFamily
-
Odyssey usesFamily
-
FakeCrack uses
Reports (50)
-
AlienVault Confidence 100 9 MITREs 2 Malwares 26 IOCs 10 Observables
-
AlienVault Confidence 100 20 MITREs 3 Malwares 64 IOCs 64 Observables
-
AlienVault Confidence 100 23 MITREs 1 Malware 8 IOCs 8 Observables
-
20 MITREs 8 Malwares 8 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 5 Malwares 12 IOCs 12 Observables
-
21 MITREs 2 Malwares 9 Observables 1 APT
-
AlienVault Confidence 100 25 MITREs 1 Malware 6 IOCs 6 Observables
-
19 MITREs 4 Malwares 46 Observables 1 APT
-
The AI Frame Campaign Continues related20 MITREs 1 Observable
-
AlienVault Confidence 100 20 MITREs 36 IOCs 36 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 2 Malwares 25 IOCs 25 Observables
-
12 MITREs 1 Malware 1 Observable
Vulnerabilities (CVE) (15)
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …
- Attack vector
- Local
- Published
- 03/11/2021
- Modified
- 27/05/2026
Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution.
- Published
- 03/11/2021
- Modified
- 27/05/2026
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
- Attack vector
- Local
- Complexity
- Low
- Published
- 15/11/2017
- Modified
- 29/05/2026
targets
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.
- Published
- 03/11/2021
- Modified
- 21/12/2025
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/04/2017
- Modified
- 22/04/2026
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted …
- Published
- 03/11/2021
- Modified
- 21/12/2025
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code …
- Published
- 03/11/2021
- Modified
- 20/12/2025
PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context …
- Attack vector
- Network
- Published
- 21/04/2023
- Modified
- 21/12/2025
Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. …
- Published
- 03/11/2021
- Modified
- 21/12/2025
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
- Attack vector
- Local
- Published
- 08/04/2025
- Modified
- 21/12/2025