T1132: T1132
Essential information
- MITRE technique ID
T1132- Confidence
- 100/100
- Revoked
- No
- Published
- 31/05/2017 23:31
- Modified
- 27/03/2026 01:11
- Author / Source
- The MITRE Corporation
Aliases
Data Encoding
Platforms
windows macos linux ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | command-and-control |
Marking (TLP)
TLP:GREEN Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (61)
-
Storm-0249 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at…
First seen 01/01/1970 · Last seen 16/11/5138 · -
TA585 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
NET_PA1N Reborn usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Mallox usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Punishing Owl usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GreenSpot usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Batavia usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
NewsPenguin usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[AppleJeus](https://attack.mitre.org/groups/G1049) is a North Korean state-sponsored threat group attributed to the Reconnaissance General Bureau. Associated with the broader [Lazarus Group](https://attack.mitre.org/groups/G0032) umbrella of actors, [AppleJeus](https://attack.mitre.org/groups/G1049) has been active since…
First seen 01/01/1970 · Last seen 16/11/5138 · -
UNK_SmudgedSerpent usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (79)
-
ShadowPad - S0596 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Ntospy usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Dtrack - S0567 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Wpeeper usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
LockBit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
script.py usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
HappyDoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
agent2.malz usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
0debug usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CoinMiner usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Latrodectus usesThe MITRE Corporation Confidence 100
[Latrodectus](https://attack.mitre.org/software/S1160) is a Windows malware downloader that has been used since at least 2023 to download and execute additional payloads and modules. [Latrodectus](https://attack.mitre.org/software/S1160) has most often been distributed…
First seen 01/01/1970 · Last seen 16/11/5138 · -
TrackBak usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
AlienVault Confidence 100 17 MITREs 20 IOCs 20 Observables
-
AlienVault Confidence 100 20 MITREs 5 Malwares 27 IOCs 27 Observables
-
AlienVault Confidence 100 20 MITREs 7 IOCs 7 Observables
-
AlienVault Confidence 100 21 MITREs 1 Malware 2 IOCs 1 APT
-
AlienVault Confidence 100 3 CVEs 20 MITREs 1 Malware 23 IOCs 23 Observables
-
AlienVault Confidence 100 14 MITREs 1 Malware 4 IOCs 4 Observables
-
AlienVault Confidence 100 16 MITREs 14 IOCs 14 Observables
-
16 MITREs
-
20 MITREs 1 Malware 1 Observable
-
AlienVault Confidence 100 19 MITREs 3 Malwares 2 IOCs 2 Observables
-
AlienVault Confidence 100 20 MITREs 3 Malwares 64 IOCs 64 Observables
-
Threat landscape — Belgium relatedConfidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
Vulnerabilities (CVE) (76)
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated …
- Attack vector
- NETWORK
- Published
- 23/12/2022
- Modified
- 19/01/2026
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …
- Attack vector
- Network
- Published
- 08/01/2025
- Modified
- 21/12/2025
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. …
- Attack vector
- Network
- Published
- 06/10/2025
- Modified
- 21/12/2025
Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If …
- Attack vector
- Network
- Published
- 19/09/2024
- Modified
- 21/12/2025
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary …
- Attack vector
- Network
- Published
- 13/12/2022
- Modified
- 20/12/2025
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to …
- Attack vector
- Network
- Published
- 18/11/2024
- Modified
- 21/12/2025
PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context …
- Attack vector
- Network
- Published
- 21/04/2023
- Modified
- 21/12/2025
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …
- Attack vector
- LOCAL
- Complexity
- Low
- Published
- 29/11/2024
- Modified
- 08/04/2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …
- Attack vector
- Network
- Published
- 05/12/2025
- Modified
- 29/05/2026
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code …
- Published
- 03/11/2021
- Modified
- 20/12/2025
Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution.
- Attack vector
- Network
- Published
- 08/11/2022
- Modified
- 14/01/2026
Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.
- Attack vector
- Local
- Published
- 11/03/2025
- Modified
- 21/12/2025
Tool (1)
-
Mythic usesThe MITRE Corporation Confidence 100
[Mythic](https://attack.mitre.org/software/S0699) is an open source, cross-platform post-exploitation/command and control platform. [Mythic](https://attack.mitre.org/software/S0699) is designed to "plug-n-play" with various agents and communication channels.(Citation: Mythic Github)(Citation: Mythic SpecterOps)(Citation: Mythc Documentation) Deployed…