T1192: T1192
Essential information
- MITRE technique ID
T1192- Confidence
- 100/100
- Revoked
- No
- Published
- 20/12/2025 19:32
- Modified
- 27/05/2026 15:52
- Author / Source
- AlienVault
Description
No description.
Marking (TLP)
TLP:GREEN
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (24)
-
Eugenfest usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
1877 team usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Mispadu usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Black Cat usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Sidewinder](https://attack.mitre.org/groups/G0121) is a suspected Indian threat actor group that has been active since at least 2012. They have been observed targeting government, military, and business entities throughout Asia,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
ITG10 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT38](https://attack.mitre.org/groups/G0082) is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau.(Citation: CISA AA20-239A BeagleBoyz August 2020)…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Wang Duo Yu usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that has been conducting operations since at least 2012. [Mustang Panda](https://attack.mitre.org/groups/G0129) has been known to use tailored phishing lures…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Phorpiex usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GreenSpot usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (73)
-
Amadey - S1025 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ShadowRoot usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Minisling usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
VenomRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Rhadamanthys usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DOILoader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Spyware usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AdobeUpdateCore.exe usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
PUBLOAD usesThe MITRE Corporation Confidence 100
[PUBLOAD](https://attack.mitre.org/software/S1228) is a stager malware that has been observed installing itself in existing directories such as `C:\Users\Public` or creating new directories to stage the malware and its components.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
trojans usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
NetSupportRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (45)
-
21 MITREs 4 Malwares 1 APT
-
4 MITREs 2 Observables
-
2 MITREs 3 Malwares
-
7 MITREs 27 Observables
-
7 MITREs 9 Malwares 33 Observables 1 APT
-
5 MITREs 7 Observables
-
5 MITREs 2 Observables
-
7 MITREs 65 Observables
-
11 MITREs 71 Observables 1 APT
-
4 MITREs
-
8 MITREs
-
15 MITREs 1 Malware 57 Observables 1 APT
Vulnerabilities (CVE) (4)
F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, …
- Published
- 10/05/2022
- Modified
- 20/12/2025
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, …
- Attack vector
- NETWORK
- Published
- 20/02/2024
- Modified
- 21/12/2025
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/04/2017
- Modified
- 22/04/2026
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system …
- Attack vector
- Network
- Published
- 12/06/2024
- Modified
- 21/12/2025