T1132: T1132
Essential information
- MITRE technique ID
T1132- Confidence
- 100/100
- Revoked
- No
- Published
- 31/05/2017 23:31
- Modified
- 27/03/2026 01:11
- Author / Source
- The MITRE Corporation
Aliases
Data Encoding
Platforms
windows macos linux ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | command-and-control |
Marking (TLP)
TLP:GREEN Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (61)
-
Storm-0249 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at…
First seen 01/01/1970 · Last seen 16/11/5138 · -
TA585 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
NET_PA1N Reborn usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Mallox usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Punishing Owl usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GreenSpot usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Batavia usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
NewsPenguin usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[AppleJeus](https://attack.mitre.org/groups/G1049) is a North Korean state-sponsored threat group attributed to the Reconnaissance General Bureau. Associated with the broader [Lazarus Group](https://attack.mitre.org/groups/G0032) umbrella of actors, [AppleJeus](https://attack.mitre.org/groups/G1049) has been active since…
First seen 01/01/1970 · Last seen 16/11/5138 · -
UNK_SmudgedSerpent usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (79)
-
Mini Shai-Hulud usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BUBBLEWRAP usesFamily The MITRE Corporation Confidence 100
[BUBBLEWRAP](https://attack.mitre.org/software/S0043) is a full-featured, second-stage backdoor used by the [admin@338](https://attack.mitre.org/groups/G0018) group. It is set to run when the system boots and includes functionality to check, upload, and register…
First seen 01/01/1970 · Last seen 16/11/5138 · -
OilRig usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ThemeForestRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GRAPELOADER usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BirdyClient usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Kiron usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
W32.File.MalParent usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TA428 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
FriendDelivery usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
httpTroy usesAlienVault Confidence 100
[HTTPTroy](https://attack.mitre.org/software/S9007) is a highly obfuscated backdoor that facilitates collection, command and control, defense evasion and exfiltration. [HTTPTroy](https://attack.mitre.org/software/S9007) was first reported in October 2025. [HTTPTroy](https://attack.mitre.org/software/S9007) has been observed in…
First seen 01/01/1970 · Last seen 16/11/5138 · -
GRIMBOLT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
AlienVault Confidence 100 17 MITREs 20 IOCs 20 Observables
-
AlienVault Confidence 100 20 MITREs 5 Malwares 27 IOCs 27 Observables
-
AlienVault Confidence 100 20 MITREs 7 IOCs 7 Observables
-
AlienVault Confidence 100 21 MITREs 1 Malware 2 IOCs 1 APT
-
AlienVault Confidence 100 3 CVEs 20 MITREs 1 Malware 23 IOCs 23 Observables
-
AlienVault Confidence 100 14 MITREs 1 Malware 4 IOCs 4 Observables
-
AlienVault Confidence 100 16 MITREs 14 IOCs 14 Observables
-
16 MITREs
-
20 MITREs 1 Malware 1 Observable
-
AlienVault Confidence 100 19 MITREs 3 Malwares 2 IOCs 2 Observables
-
AlienVault Confidence 100 20 MITREs 3 Malwares 64 IOCs 64 Observables
-
Threat landscape — Belgium relatedConfidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
Vulnerabilities (CVE) (76)
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to …
- Attack vector
- Network
- Published
- 13/09/2024
- Modified
- 21/12/2025
Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.
- Attack vector
- LOCAL
- Published
- 14/01/2025
- Modified
- 21/12/2025
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could …
- Attack vector
- Network
- Published
- 22/07/2025
- Modified
- 21/12/2025
Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel …
- Published
- 03/11/2021
- Modified
- 29/05/2026
Tool (1)
-
Mythic usesThe MITRE Corporation Confidence 100
[Mythic](https://attack.mitre.org/software/S0699) is an open source, cross-platform post-exploitation/command and control platform. [Mythic](https://attack.mitre.org/software/S0699) is designed to "plug-n-play" with various agents and communication channels.(Citation: Mythic Github)(Citation: Mythic SpecterOps)(Citation: Mythc Documentation) Deployed…