T1136.001: T1136.001
Essential information
- MITRE technique ID
T1136.001- Confidence
- 100/100
- Revoked
- No
- Published
- 28/01/2020 14:50
- Modified
- 20/04/2026 12:52
- Author / Source
- The MITRE Corporation
Aliases
Local Account
Platforms
windows macos linux Network Devices Containers ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | persistence |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (27)
-
The MITRE Corporation Confidence 100
[FIN13](https://attack.mitre.org/groups/G1016) is a financially motivated cyber threat group that has targeted the financial, retail, and hospitality industries in Mexico and Latin America, as early as 2016. [FIN13](https://attack.mitre.org/groups/G1016) achieves…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Mora_001 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UAT-8099 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Indrik Spider](https://attack.mitre.org/groups/G0119) is a Russia-based cybercriminal group that has been active since at least 2014. [Indrik Spider](https://attack.mitre.org/groups/G0119) initially started with the [Dridex](https://attack.mitre.org/software/S0384) banking Trojan, and then by 2017…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Earth Lamia usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
INJ3CTOR3 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT5](https://attack.mitre.org/groups/G1023) is a China-based espionage actor that has been active since at least 2007 primarily targeting the telecommunications, aerospace, and defense industries throughout the U.S., Europe, and Asia.…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Leafminer](https://attack.mitre.org/groups/G0077) is an Iranian threat group that has targeted government organizations and business entities in the Middle East since at least early 2017. (Citation: Symantec Leafminer July 2018)
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter…
First seen 01/01/1970 · Last seen 16/11/5138 · -
UNC5537 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Fox Tempest usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (70)
-
updf usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
NiceRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
EncystPHP usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Raccoon usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SMOKEDHAM usesFamily The MITRE Corporation Confidence 100
[SMOKEDHAM](https://attack.mitre.org/software/S0649) is a Powershell-based .NET backdoor that was first reported in May 2021; it has been used by at least one ransomware-as-a-service affiliate.(Citation: FireEye Shining A Light on…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Hildegard usesFamily The MITRE Corporation Confidence 100
[Hildegard](https://attack.mitre.org/software/S0601) is malware that targets misconfigured kubelets for initial access and runs cryptocurrency miner operations. The malware was first observed in January 2021. The TeamTNT activity group is…
First seen 01/01/1970 · Last seen 16/11/5138 · -
MetaStealer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Hancitor usesFamily The MITRE Corporation Confidence 100
[Hancitor](https://attack.mitre.org/software/S0499) is a downloader that has been used by [Pony](https://attack.mitre.org/software/S0453) and other information stealing malware.(Citation: Threatpost Hancitor)(Citation: FireEye Hancitor)
First seen 01/01/1970 · Last seen 16/11/5138 · -
FROSTBITE usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Cobalt Strike usesFamily The MITRE Corporation Confidence 100
[Cobalt Strike](https://attack.mitre.org/software/S0154) is a commercial, full-featured, remote access tool that bills itself as “adversary simulation software designed to execute targeted attacks and emulate the post-exploitation actions of advanced…
First seen 01/01/1970 · Last seen 16/11/5138 · -
SimpleHelp usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Carbanak usesFamily The MITRE Corporation Confidence 100
[Carbanak](https://attack.mitre.org/software/S0030) is a full-featured, remote backdoor used by a group of the same name ([Carbanak](https://attack.mitre.org/groups/G0008)). It is intended for espionage, data exfiltration, and providing remote access to infected…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (19)
-
17 MITREs 2 Malwares 23 Observables 1 APT
-
16 MITREs 5 Malwares 1 APT
-
5 MITREs
-
1 CVE 16 MITREs 1 Observable
-
3 CVEs 32 MITREs 1 Malware 2 Observables 1 APT
-
14 MITREs 7 Malwares 48 Observables 1 APT
-
12 MITREs 3 Malwares 24 Observables
Vulnerabilities (CVE) (17)
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands …
- Attack vector
- Network
- Published
- 04/12/2024
- Modified
- 21/12/2025
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected …
- Attack vector
- Network
- Published
- 02/06/2025
- Modified
- 21/12/2025
JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.
- Attack vector
- Network
- Published
- 07/03/2024
- Modified
- 21/12/2025
Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the …
- Attack vector
- NETWORK
- Complexity
- Low
- Published
- 21/11/2019
- Modified
- 18/06/2026
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/03/2024
- Modified
- 22/04/2026
Tool (3)
-
Pupy usesThe MITRE Corporation Confidence 100
[Pupy](https://attack.mitre.org/software/S0192) is an open source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool. (Citation: GitHub Pupy) It is written in Python and can be generated as…
-
Empire usesThe MITRE Corporation Confidence 100
[Empire](https://attack.mitre.org/software/S0363) is an open-source, cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python, the post-exploitation agents…
-
Net usesThe MITRE Corporation Confidence 100
The [Net](https://attack.mitre.org/software/S0039) utility is a component of the Windows operating system. It is used in command-line operations for control of users, groups, services, and network connections. (Citation: Microsoft…
Course Of Action (2)
-
Privileged Account Management mitigates
-
Multi-factor Authentication mitigates