T1136.001: T1136.001
Essential information
- MITRE technique ID
T1136.001- Confidence
- 100/100
- Revoked
- No
- Published
- 28/01/2020 14:50
- Modified
- 20/04/2026 12:52
- Author / Source
- The MITRE Corporation
Aliases
Local Account
Platforms
windows macos linux Network Devices Containers ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | persistence |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (27)
-
The MITRE Corporation Confidence 100
[FIN13](https://attack.mitre.org/groups/G1016) is a financially motivated cyber threat group that has targeted the financial, retail, and hospitality industries in Mexico and Latin America, as early as 2016. [FIN13](https://attack.mitre.org/groups/G1016) achieves…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Mora_001 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UAT-8099 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Indrik Spider](https://attack.mitre.org/groups/G0119) is a Russia-based cybercriminal group that has been active since at least 2014. [Indrik Spider](https://attack.mitre.org/groups/G0119) initially started with the [Dridex](https://attack.mitre.org/software/S0384) banking Trojan, and then by 2017…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Earth Lamia usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
INJ3CTOR3 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT5](https://attack.mitre.org/groups/G1023) is a China-based espionage actor that has been active since at least 2007 primarily targeting the telecommunications, aerospace, and defense industries throughout the U.S., Europe, and Asia.…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Leafminer](https://attack.mitre.org/groups/G0077) is an Iranian threat group that has targeted government organizations and business entities in the Middle East since at least early 2017. (Citation: Symantec Leafminer July 2018)
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter…
First seen 01/01/1970 · Last seen 16/11/5138 · -
UNC5537 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Fox Tempest usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (70)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RagnarLocker usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DarkGate usesFamily The MITRE Corporation Confidence 100
[DarkGate](https://attack.mitre.org/software/S1111) first emerged in 2018 and has evolved into an initial access and data gathering tool associated with various criminal cyber operations. Written in Delphi and named "DarkGate"…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Qilin usesThe MITRE Corporation Confidence 100
[Qilin](https://attack.mitre.org/software/S1242) ransomware is a Ransomware-as-a-Service (RaaS) that has been active since at least 2022 with versions written in Golang and Rust that are capable of targeting Windows or…
First seen 01/01/1970 · Last seen 16/11/5138 · -
LB3.exe usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ZxShell usesFamily The MITRE Corporation Confidence 100
[ZxShell](https://attack.mitre.org/software/S0412) is a remote administration tool and backdoor that can be downloaded from the Internet, particularly from Chinese hacker websites. It has been used since at least 2004.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Termite usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
NetBird usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Advanced IP Scanner usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Mimic usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Brave Prince - S0252 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Veaamp usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (19)
-
17 MITREs 2 Malwares 23 Observables 1 APT
-
16 MITREs 5 Malwares 1 APT
-
5 MITREs
-
1 CVE 16 MITREs 1 Observable
-
3 CVEs 32 MITREs 1 Malware 2 Observables 1 APT
-
14 MITREs 7 Malwares 48 Observables 1 APT
-
12 MITREs 3 Malwares 24 Observables
Vulnerabilities (CVE) (17)
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands …
- Attack vector
- Network
- Published
- 04/12/2024
- Modified
- 21/12/2025
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected …
- Attack vector
- Network
- Published
- 02/06/2025
- Modified
- 21/12/2025
JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.
- Attack vector
- Network
- Published
- 07/03/2024
- Modified
- 21/12/2025
Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the …
- Attack vector
- NETWORK
- Complexity
- Low
- Published
- 21/11/2019
- Modified
- 18/06/2026
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/03/2024
- Modified
- 22/04/2026
Tool (3)
-
Pupy usesThe MITRE Corporation Confidence 100
[Pupy](https://attack.mitre.org/software/S0192) is an open source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool. (Citation: GitHub Pupy) It is written in Python and can be generated as…
-
Empire usesThe MITRE Corporation Confidence 100
[Empire](https://attack.mitre.org/software/S0363) is an open-source, cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python, the post-exploitation agents…
-
Net usesThe MITRE Corporation Confidence 100
The [Net](https://attack.mitre.org/software/S0039) utility is a component of the Windows operating system. It is used in command-line operations for control of users, groups, services, and network connections. (Citation: Microsoft…
Course Of Action (2)
-
Privileged Account Management mitigates
-
Multi-factor Authentication mitigates