216.73.217.22

T1195: T1195

View on MITRE ATT&CK The MITRE Corporation · Published 16/12/2025 19:37 · Modified 27/03/2026 01:09

Essential information

MITRE technique ID
T1195
Confidence
100/100
Revoked
No
Published
16/12/2025 19:37
Modified
27/03/2026 01:09
Author / Source
The MITRE Corporation

Aliases

Supply Chain Compromise

Platforms

windows macos linux SaaS

Description

Adversaries may manipulate products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise can take place at any stage of the supply chain including: * Manipulation of development tools * Manipulation of a development environment * Manipulation of source code repositories (public or private) * Manipulation of source code in open-source dependencies * Manipulation of software update/distribution mechanisms * Compromised/infected system images (removable media infected at the factory)(Citation: IBM Storwize)(Citation: Schneider Electric USB Malware) * Replacement of legitimate software with modified versions * Sales of modified/counterfeit products to legitimate distributors * Shipment interdiction While supply chain compromise can impact any component of hardware or software, adversaries looking to gain execution have often focused on malicious additions to legitimate software in software distribution or update channels.(Citation: Avast CCleaner3 2018)(Citation: Microsoft Dofoil 2018)(Citation: Command Five SK 2011) Adversaries may limit targeting to a desired victim set or distribute malicious software to a broad set of consumers but only follow up with specific victims.(Citation: Symantec Elderwood Sept 2012)(Citation: Avast CCleaner3 2018)(Citation: Command Five SK 2011) Popular open-source projects that are used as dependencies in many applications may also be targeted as a means to add malicious code to users of the dependency.(Citation: Trendmicro NPM Compromise) In some cases, adversaries may conduct “second-order” supply chain compromises by leveraging the access gained from an initial supply chain compromise to further compromise a software component.(Citation: Krebs 3cx overview 2023) This may allow the threat actor to spread to even more victims.

Kill chain phases

Kill chainPhase
mitre-attack initial-access

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (53)

  • APT41 uses Wicked PandaBrass Typhoon
    The MITRE Corporation Confidence 100

    [APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • Sandworm Team uses ELECTRUMTelebots
    The MITRE Corporation Confidence 100

    [Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • Gamaredon Group uses IRON TILDENPrimitive Bear
    The MITRE Corporation Confidence 100

    [Gamaredon Group](https://attack.mitre.org/groups/G0047) is a suspected Russian cyber espionage group that has targeted military, law enforcement, judiciary, non-profit, and non-governmental organizations in Ukraine since at least 2013. The name …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
  • UAC-0006 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 04:55 · Modified 21/12/2025 12:11
  • OilRig uses COBALT GYPSYIRN2
    The MITRE Corporation Confidence 100

    [OilRig](https://attack.mitre.org/groups/G0049) is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • Unfurling Hemlock uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 05:40 · Modified 21/12/2025 05:40
  • Phoenix Hyena uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 13:35 · Modified 21/12/2025 13:35
  • StormBamboo uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 06:17 · Modified 21/12/2025 06:17
  • TeamPCP uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/03/2026 22:18 · Modified 20/03/2026 22:18
  • Diplomatic Orbiter uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 02:13 · Modified 21/12/2025 02:13
  • Kimsuky and Andariel uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 05:20 · Modified 21/12/2025 05:20
  • FAMOUS CHOLLIMA uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 14:18 · Modified 13/05/2026 17:36
  • Scattered Spider uses Roasted 0ktapusOcto Tempest
    The MITRE Corporation Confidence 100

    [Scattered Spider](https://attack.mitre.org/groups/G1015) is a native English-speaking cybercriminal group active since at least 2022. (Citation: CrowdStrike Scattered Spider Profile) (Citation: MSTIC Octo Tempest Operations October 2023) The group initially …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • Agenda uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:26 · Modified 21/12/2025 03:26
  • NullBulge uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 05:59 · Modified 21/12/2025 05:59
  • Muddled Libra uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 00:53 · Modified 21/12/2025 00:53
  • Lazarus uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 21:17 · Modified 29/05/2026 12:20
  • SneakyChef uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 04:59 · Modified 21/12/2025 04:59
  • PikaBot uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:44 · Modified 21/12/2025 04:02
  • Lazarus Group uses HIDDEN COBRAGuardians of Peace
    The MITRE Corporation Confidence 100

    [Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group attributed to the Reconnaissance General Bureau (RGB). (Citation: US-CERT HIDDEN COBRA June 2017) (Citation: Treasury North Korean Cyber …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • Void Manticore uses COBALT MYSTIQUEHandala Hack
    AlienVault Confidence 100

    [VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a threat group assessed to operate on behalf of Iran’s Ministry of Intelligence and Security (MOIS).(Citation: Check Point VOID MANTICORE Handala Hack March 2026) Active …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 04:51 · Modified 04/05/2026 16:33
  • Kimsuky uses Black BansheeVelvet Chollima
    The MITRE Corporation Confidence 100

    [Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
  • MOIS (Ministry of Intelligence and Security) uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 11/03/2026 11:36 · Modified 11/03/2026 11:36
  • Funnull uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 09:41 · Modified 03/03/2026 18:14
  • GrewApacha uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 05:58 · Modified 21/12/2025 05:58
  • Gleaming Pisces uses UNC1720UNC4736
    The MITRE Corporation Confidence 100

    [AppleJeus](https://attack.mitre.org/groups/G1049) is a North Korean state-sponsored threat group attributed to the Reconnaissance General Bureau. Associated with the broader [Lazarus Group](https://attack.mitre.org/groups/G0032) umbrella of actors, [AppleJeus](https://attack.mitre.org/groups/G1049) has been active since …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:59
  • Ping3r and Rodrigo uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 07:04 · Modified 21/12/2025 07:04
  • Juiceledger uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 22:03 · Modified 20/12/2025 22:03
  • BRONZE BUTLER uses REDBALDKNIGHTTick
    The MITRE Corporation Confidence 100

    [BRONZE BUTLER](https://attack.mitre.org/groups/G0060) is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group primarily targets Japanese organizations, particularly those in …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • Knight uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 01:34 · Modified 21/12/2025 01:34
  • TA423 APT40 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 22:01 · Modified 20/12/2025 22:01
  • Socgholish uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:07 · Modified 21/12/2025 07:54
  • Daggerfly uses BRONZE HIGHLANDEvasive Panda
    The MITRE Corporation Confidence 100

    [Daggerfly](https://attack.mitre.org/groups/G1034) is a People's Republic of China-linked APT entity active since at least 2012. [Daggerfly](https://attack.mitre.org/groups/G1034) has targeted individuals, government and NGO entities, and telecommunication companies in Asia and …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • APT45 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 05:37 · Modified 21/12/2025 05:37
  • Saint Bear uses UNC2589Bleeding Bear
    The MITRE Corporation Confidence 100

    [Saint Bear](https://attack.mitre.org/groups/G1031) is a Russian-nexus threat actor active since early 2021, primarily targeting entities in Ukraine and Georgia. The group is notable for a specific remote access tool, …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • DPRK uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:19 · Modified 20/12/2025 23:19
  • 8220 Mining Gang related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 05:44 · Modified 21/12/2025 05:44
  • APT-C-26 (Lazarus) related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 00:49 · Modified 21/12/2025 00:49
  • APT-C-35 related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 21:55 · Modified 20/12/2025 21:55
  • APT42 related
    The MITRE Corporation Confidence 100

    [APT42](https://attack.mitre.org/groups/G1044) is an Iranian-sponsored threat group that conducts cyber espionage and surveillance.(Citation: Mandiant APT42-charms) The group primarily focuses on targets in the Middle East region, but has targeted …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • Agrius related Pink SandstormAMERICIUM
    The MITRE Corporation Confidence 100

    [Agrius](https://attack.mitre.org/groups/G1030) is an Iranian threat actor active since 2020 notable for a series of ransomware and wiper operations in the Middle East, with an emphasis on Israeli targets.(Citation: …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • Blackwood related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 02:55 · Modified 21/12/2025 02:55
  • Earth Kapre related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:38 · Modified 21/12/2025 03:38
  • Eugenfest related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 05:41 · Modified 21/12/2025 05:41
  • Fighting Ursa related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 05:47 · Modified 21/12/2025 05:47
  • GlassWorm related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 18:54 · Modified 21/12/2025 18:54
  • LockBit, Cl0p, Refined Kitten, Wicked Panda, Fancy Bear related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 07/05/2026 10:42 · Modified 07/05/2026 10:42
  • Manic Menagerie related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 00:49 · Modified 21/12/2025 00:49
  • Moonstone Sleet related Storm-1789
    The MITRE Corporation Confidence 100

    [Moonstone Sleet](https://attack.mitre.org/groups/G1036) is a North Korean-linked threat actor executing both financially motivated attacks and espionage operations. The group previously overlapped significantly with another North Korean-linked entity, [Lazarus Group](https://attack.mitre.org/groups/G0032), …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • PlushDaemon related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 10:10 · Modified 21/12/2025 10:10
  • Shai-Hulud related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 19:07 · Modified 21/12/2025 19:18
  • Sidewinder related T-APT-04Rattlesnake
    The MITRE Corporation Confidence 100

    [Sidewinder](https://attack.mitre.org/groups/G0121) is a suspected Indian threat actor group that has been active since at least 2012. They have been observed targeting government, military, and business entities throughout Asia, …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • Thrip related DRAGONFISHSpring Dragon
    The MITRE Corporation Confidence 100

    [Thrip](https://attack.mitre.org/groups/G0076) is an espionage group that has targeted satellite communications, telecoms, and defense contractor companies in the U.S. and Southeast Asia. The group uses custom malware as well …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14

Malware (123)

  • SHATTEREDGLASS uses
    Family
    Published 26/07/2024 08:51 · Modified 26/07/2024 08:51
  • Buhti
  • XMRig uses
    Family
    Published 28/05/2026 10:56 · Modified 28/05/2026 10:56
  • Trojan.XML.CRUDLER.A
  • SentinelSneak
  • K4Spreader uses
    Family
    Published 01/10/2024 10:08 · Modified 01/10/2024 10:08
  • TeaBot uses
    Family
    Published 13/04/2026 14:27 · Modified 13/04/2026 14:27
  • YCollection uses
    Family
    Published 26/08/2024 12:43 · Modified 26/08/2024 12:43
  • BlackCat
  • EugenLoader uses
    Family
    Published 11/07/2024 11:51 · Modified 11/07/2024 11:51
  • VSingle
  • Fantasy wiper
  • RedLine Stealer uses
    Family
    Published 14/12/2024 07:04 · Modified 14/12/2024 07:04
  • StealC uses
    Family
    Published 27/03/2026 08:46 · Modified 27/03/2026 08:46
  • BLINDINGCAN
  • CastleLoader uses
    Family
    Published 04/06/2026 22:52 · Modified 04/06/2026 22:52
  • Backdoor.Oldrea - S0093 uses
    Family
    Published 06/06/2024 07:22 · Modified 06/06/2024 07:22
  • CXCLNT uses
    Family
    Published 13/05/2025 18:41 · Modified 13/05/2025 18:41
  • StealthMutant
  • FakeBat uses
    Family
    Published 11/11/2024 09:50 · Modified 11/11/2024 09:50
  • QakBot uses
    Family
    Published 30/05/2024 14:20 · Modified 30/05/2024 14:20
  • Dtrack
  • Exodus Wallet
  • Cerberus uses
    Family
    Published 19/03/2026 11:00 · Modified 19/03/2026 11:00
  • TrollAgent uses
    Family
    Published 06/08/2024 14:12 · Modified 06/08/2024 14:12
  • LemonDuck uses
    Family
    Published 14/10/2024 10:41 · Modified 14/10/2024 10:41
  • Remcos uses
    Family
    Published 05/05/2026 18:45 · Modified 05/05/2026 18:45
  • Poseidon Mythic
  • PlugX - S0013 uses
    Family
    Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
  • Comebacker uses
    Family
    Published 10/11/2025 11:12 · Modified 10/11/2025 11:12
  • Maui
  • Tick
  • DanaBot uses
    Family
    Published 03/11/2025 14:28 · Modified 03/11/2025 14:28
  • Luna Grabber
  • LockBit Black uses
    Family
    Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
  • Roaming Mantis
  • BlackCat - S1068 uses
    Family
    Published 06/11/2025 14:16 · Modified 06/11/2025 14:16
  • Ryuk
  • Havoc uses
    Family
    Published 08/06/2026 10:30 · Modified 08/06/2026 10:30
  • SVR Cyber
  • AsyncRAT uses
    Family
    Published 11/06/2026 16:31 · Modified 11/06/2026 16:31
  • FakeSet uses
    Family
    Published 10/03/2026 21:10 · Modified 10/03/2026 21:10
  • Kimsuky uses
    Family
    Published 11/06/2025 22:07 · Modified 11/06/2025 22:07
  • ReVBShell
  • Hydraq - S0203 uses
    Family
    Published 20/05/2026 17:45 · Modified 20/05/2026 17:45
  • POCOSTICK uses
    Family
    Published 05/08/2024 11:29 · Modified 05/08/2024 11:29
  • Lorem Ipsum uses
    Family
    Published 04/05/2026 23:46 · Modified 04/05/2026 23:46
  • Kaolin uses
    Family
    Published 02/09/2024 20:46 · Modified 02/09/2024 20:46
  • PaykLoader uses
    Family
    Published 02/07/2024 08:33 · Modified 02/07/2024 08:33
  • Async RAT uses
    Family
    Published 01/03/2026 05:26 · Modified 01/03/2026 05:26
  • DeTankWar uses
    Family
    Published 29/05/2024 11:12 · Modified 29/05/2024 11:12
  • MacMa
  • Netboy
  • DoraRAT uses
    Family
    Published 06/08/2024 14:12 · Modified 06/08/2024 14:12
  • RIFLE uses
    Family
    Published 26/07/2024 08:51 · Modified 26/07/2024 08:51
  • Cryptonite
  • TellYouThePass uses
    Family
    Published 11/07/2024 13:06 · Modified 11/07/2024 13:06
  • Chrysalis backdoor uses
    Family
    Published 03/02/2026 12:08 · Modified 03/02/2026 12:08
  • BiBi wiper uses
    Family
    Published 02/06/2026 14:38 · Modified 02/06/2026 14:38
  • Trojan.Win64.CRUDLER.A
  • TutClient
  • W4SP
  • Juicestealer
  • Trojan:MSIL/RedLineStealer
  • Mystic Stealer uses
    Family
    Published 01/07/2024 10:54 · Modified 01/07/2024 10:54
  • Sidewinder
  • NetSupport uses
    Family
    Published 03/11/2025 14:28 · Modified 03/11/2025 14:28
  • Cahnadr
  • Redline uses
    Family
    Published 08/05/2026 11:31 · Modified 08/05/2026 11:31
  • YouieLoad uses
    Family
    Published 29/05/2024 11:12 · Modified 29/05/2024 11:12
  • Chalubo uses
    Family
    Published 04/06/2024 15:58 · Modified 04/06/2024 15:58
  • Elephant
  • Tsundere Botnet uses
    Family
    Published 23/04/2026 14:16 · Modified 23/04/2026 14:16
  • CloudSorcerer uses
    Family
    Published 05/05/2026 14:07 · Modified 05/05/2026 14:07
  • VMConnect
  • Warp AV Killer uses
    Family
    Published 11/07/2024 13:06 · Modified 11/07/2024 13:06
  • Meduza Stealer uses
    Family
    Published 20/08/2025 18:39 · Modified 20/08/2025 18:39
  • SectopRAT uses
    Family
    Published 26/05/2026 15:20 · Modified 26/05/2026 15:20
  • 3PROXY uses
    Family
    Published 26/07/2024 08:51 · Modified 26/07/2024 08:51
  • SpiceRAT uses
    Family
    Published 28/06/2024 07:35 · Modified 28/06/2024 07:35
  • BlackSuit uses
    Family
    Published 07/08/2025 18:57 · Modified 07/08/2025 18:57
  • SmokeLoader uses
    Family
    Published 16/09/2025 08:02 · Modified 16/09/2025 08:02
  • CobaltStrike uses
    Family
    Published 31/10/2025 09:30 · Modified 31/10/2025 09:30
  • Nitrogen uses
    Family
    Published 20/05/2025 19:27 · Modified 20/05/2025 19:27
  • UAC-0006 uses
    Family
    Published 10/02/2025 20:44 · Modified 10/02/2025 20:44
  • Slingshot
  • Sandals
  • Trash Panda uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 01:03 · Modified 21/12/2025 01:03
  • Operation DreamJob
  • Sha1-Hulud uses
    Family
    Published 27/11/2025 14:13 · Modified 27/11/2025 14:13
  • ROGUEEYE uses
    Family
    Published 26/07/2024 08:51 · Modified 26/07/2024 08:51
  • Pupy
  • PUBLOAD uses
    Family
    Published 07/04/2026 11:11 · Modified 07/04/2026 11:11
  • Roarur uses
    Family
    Published 20/05/2026 17:45 · Modified 20/05/2026 17:45
  • TeamPCP Cloud stealer uses
    Family
    Published 24/03/2026 08:49 · Modified 24/03/2026 08:49
  • Qilin uses
    Family
    Published 09/06/2026 15:50 · Modified 09/06/2026 15:50
  • Muhstik uses
    Family
    Published 11/07/2024 20:35 · Modified 11/07/2024 20:35
  • Pennywise
  • BeaverTail uses
    Family
    Published 21/04/2026 12:09 · Modified 21/04/2026 12:09
  • Atera Agent uses
    Family
    Published 18/09/2024 08:29 · Modified 18/09/2024 08:29
  • Badredis2s uses
    Family
    Published 02/03/2026 17:39 · Modified 02/03/2026 17:39
  • GREASE
  • ShadowPy
  • Maui Ransomware uses
    Family
    Published 26/07/2024 08:51 · Modified 26/07/2024 08:51
  • LPEClient uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:41 · Modified 29/05/2026 12:20
  • BianLian uses
    Family
    Published 14/11/2024 11:57 · Modified 14/11/2024 11:57
  • RELOADEXT uses
    Family
    Published 05/08/2024 11:29 · Modified 05/08/2024 11:29
  • Chrysalis uses
    Family
    Published 16/02/2026 14:28 · Modified 16/02/2026 14:28
  • Popping Eagle
  • dbgpkg uses
    Family
    Published 15/05/2025 20:12 · Modified 15/05/2025 20:12
  • SugarGh0st uses
    Family
    Published 28/06/2024 07:35 · Modified 28/06/2024 07:35
  • ETERNALBLUE
  • Vidar Stealer uses
    Family
    Published 07/04/2025 19:41 · Modified 07/04/2025 19:41
  • Akira uses
    Family
    Published 12/06/2026 16:57 · Modified 12/06/2026 16:57
  • RA World
  • Cobalt Strike uses
    Family
    Published 16/12/2024 14:25 · Modified 16/12/2024 14:25
  • Cthulu uses
    Family
    Published 13/09/2024 08:59 · Modified 13/09/2024 08:59
  • Going Eagle
  • JokerSpy
  • scanbox
  • Pikabot uses
    Family
    Published 21/10/2024 10:59 · Modified 21/10/2024 10:59
  • Dridex - S0384 uses
    Family
    Published 08/08/2025 07:53 · Modified 08/08/2025 07:53
  • QRLog uses
    Family
    Published 21/01/2025 22:17 · Modified 21/01/2025 22:17

Reports (50)

Vulnerabilities (CVE) (35)

CVE-2024-3094
10.0 Critical

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma …

Attack vector
NETWORK
Published
29/03/2024
Modified
21/12/2025
CVE-2022-47966 KEV
9.8 Critical

Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario.

Attack vector
Network
Published
23/01/2023
Modified
20/12/2025
CVE-2019-1458 KEV

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.

Published
10/01/2022
Modified
20/12/2025
CVE-2024-7344
8.2 High

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

Attack vector
LOCAL
Published
14/01/2025
Modified
21/12/2025
Analyzed
CVE-2024-4947 KEV
9.6 Critical

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via …

Attack vector
Network
Published
20/05/2024
Modified
29/05/2026
Received
CVE-2023-22518 KEV
9.8 Critical

Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an …

Attack vector
Network
Published
07/11/2023
Modified
21/12/2025
CVE-2021-33766 KEV

Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.

Published
18/01/2022
Modified
20/12/2025
CVE-2021-40539 KEV

Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.

Published
03/11/2021
Modified
20/12/2025
CVE-2023-38831 KEV
7.8 High

RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file …

Attack vector
Local
Published
24/08/2023
Modified
27/05/2026
CVE-2022-24990 KEV
7.5 High

TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.

Attack vector
Network
Published
10/02/2023
Modified
20/12/2025
CVE-2023-42793 KEV
9.8 Critical

JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.

Attack vector
Network
Published
04/10/2023
Modified
29/05/2026
CVE-2024-4577 KEV
9.8 Critical

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system …

Attack vector
Network
Published
12/06/2024
Modified
21/12/2025
Received
CVE-2021-44228 KEV
10.0 Critical

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Attack vector
Network
Published
10/12/2021
Modified
27/05/2026
CVE-2021-34473 KEV

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.

Published
03/11/2021
Modified
29/05/2026
CVE-2017-0213 KEV
7.3 High

Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

Attack vector
LOCAL
Complexity
LOW
Published
12/05/2017
Modified
22/04/2026
CVE-2021-20038 KEV

SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.

Published
28/01/2022
Modified
20/12/2025
CVE-2022-41040 KEV
8.8 High

Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.

Attack vector
Network
Published
30/09/2022
Modified
20/12/2025
CVE-2024-5274 KEV
9.6 Critical

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This …

Attack vector
Network
Published
28/05/2024
Modified
21/12/2025
Awaiting Analysis
CVE-2018-0802 KEV

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code …

Published
03/11/2021
Modified
20/12/2025
CVE-2024-21412 KEV
8.1 High

Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.

Attack vector
Network
Published
13/02/2024
Modified
27/05/2026
CVE-2024-38106 KEV
7.0 High

Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation …

Attack vector
Local
Published
13/08/2024
Modified
21/12/2025
Received
CVE-2018-0798 KEV

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code …

Published
03/11/2021
Modified
27/05/2026
CVE-2018-8120 KEV

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

Published
15/03/2022
Modified
21/12/2025
CVE-2021-26855 KEV

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Published
03/11/2021
Modified
20/12/2025
CVE-2017-11882 KEV
7.8 High

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Attack vector
Local
Complexity
Low
Published
15/11/2017
Modified
29/05/2026
CVE-2024-38193 KEV
7.8 High

Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain …

Attack vector
Local
Published
13/08/2024
Modified
21/12/2025
Received
CVE-2023-26360 KEV
8.6 High

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.

Attack vector
Network
Published
15/03/2023
Modified
21/12/2025
CVE-2024-7971 KEV
9.6 Critical

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. …

Attack vector
Network
Published
26/08/2024
Modified
21/12/2025
Analyzed
CVE-2019-0803 KEV

Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows …

Published
03/11/2021
Modified
21/12/2025
CVE-2024-21338 KEV
7.8 High

Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys …

Attack vector
Local
Published
04/03/2024
Modified
21/12/2025
CVE-2024-3400 KEV
10.0 Critical

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …

Attack vector
Network
Published
12/04/2024
Modified
21/12/2025

Attack patterns (MITRE) (2)

Course Of Action (4)

  • Limit Software Installation mitigates
  • Vulnerability Scanning mitigates
  • User Account Management mitigates
  • Boot Integrity mitigates