T1132: T1132
Essential information
- MITRE technique ID
T1132- Confidence
- 100/100
- Revoked
- No
- Published
- 31/05/2017 23:31
- Modified
- 27/03/2026 01:11
- Author / Source
- The MITRE Corporation
Aliases
Data Encoding
Platforms
windows macos linux ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | command-and-control |
Marking (TLP)
TLP:GREEN Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (61)
-
Flax Typhoon relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ForumTroll relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GopherWhisper relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Grandoreiro relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GreedyBear relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Harvester relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Lazarus relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group attributed to the Reconnaissance General Bureau (RGB). (Citation: US-CERT HIDDEN COBRA June 2017) (Citation: Treasury North Korean Cyber…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Lazarus Group, Kimsuky relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
LilacSquid relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
LockBit relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Lumma Stealer relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (79)
-
ShadowPad - S0596 usesFamily
-
Ntospy uses
-
Dtrack - S0567 usesFamily
-
Wpeeper usesFamily
-
LockBit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
script.py uses
-
HappyDoor usesFamily
-
agent2.malz usesFamily
-
0debug usesFamily
-
CoinMiner usesFamily
-
Latrodectus usesThe MITRE Corporation Confidence 100
[Latrodectus](https://attack.mitre.org/software/S1160) is a Windows malware downloader that has been used since at least 2023 to download and execute additional payloads and modules. [Latrodectus](https://attack.mitre.org/software/S1160) has most often been distributed…
First seen 01/01/1970 · Last seen 16/11/5138 · -
TrackBak usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
18 MITREs 2 Malwares 11 Observables 1 APT
-
2 CVEs 20 MITREs 1 Malware 8 Observables
-
14 MITREs 1 Malware 7 Observables 1 APT
-
18 MITREs 34 Malwares 33 Observables 1 APT
-
20 MITREs 187 Observables 1 APT
-
10 CVEs 16 MITREs 2 Malwares 9 Observables
-
20 MITREs 1 Malware 56 Observables
-
1 CVE 20 MITREs 6 Malwares 20 Observables 1 APT
-
7 MITREs 1 APT
-
19 MITREs 2 Malwares 12 Observables 1 APT
-
17 MITREs 16 Malwares 66 Observables 1 APT
-
16 MITREs 55 Observables 1 APT
Vulnerabilities (CVE) (76)
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …
- Attack vector
- Network
- Published
- 29/04/2025
- Modified
- 21/12/2025
RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file …
- Attack vector
- Local
- Published
- 24/08/2023
- Modified
- 27/05/2026
Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a …
- Attack vector
- NETWORK
- Published
- 07/01/2026
- Modified
- 09/03/2026
Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric …
- Attack vector
- Local
- Published
- 23/10/2024
- Modified
- 09/01/2026
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 03/11/2021
- Modified
- 20/12/2025
NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by …
- Attack vector
- LOCAL
- Published
- 25/02/2025
- Modified
- 21/12/2025
An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the …
- Attack vector
- NETWORK
- EPSS
- 0.0013 (P33.0%)
- Published
- 02/01/2026
- Modified
- 17/06/2026
Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.
- Published
- 16/05/2022
- Modified
- 20/12/2025
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/04/2017
- Modified
- 22/04/2026
ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, …
- Attack vector
- Network
- Published
- 22/02/2024
- Modified
- 28/02/2026
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …
- Attack vector
- Network
- Published
- 12/04/2024
- Modified
- 21/12/2025
Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a …
- Attack vector
- Network
- Published
- 17/07/2023
- Modified
- 27/05/2026
Tool (1)
-
Mythic usesThe MITRE Corporation Confidence 100
[Mythic](https://attack.mitre.org/software/S0699) is an open source, cross-platform post-exploitation/command and control platform. [Mythic](https://attack.mitre.org/software/S0699) is designed to "plug-n-play" with various agents and communication channels.(Citation: Mythic Github)(Citation: Mythic SpecterOps)(Citation: Mythc Documentation) Deployed…