T1518: T1518

Search IOCs, vulnerabilities, APT…

216.73.216.6

← Back to attack patterns

View on MITRE ATT&CK The MITRE Corporation · Published 16/09/2019 19:52 · Modified 27/03/2026 01:12

Essential information

MITRE technique ID: T1518
Confidence: 100/100
Revoked: No
Published: 16/09/2019 19:52
Modified: 27/03/2026 01:12
Author / Source: The MITRE Corporation

Aliases

Software Discovery

Platforms

windows macos linux IaaS ESXi

Description

Adversaries may attempt to get a listing of software and software versions that are installed on a system or in a cloud environment. Adversaries may use the information from [Software Discovery](https://attack.mitre.org/techniques/T1518) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions. Such software may be deployed widely across the environment for configuration management or security reasons, such as [Software Deployment Tools](https://attack.mitre.org/techniques/T1072), and may allow adversaries broad access to infect devices or move laterally. Adversaries may attempt to enumerate software for a variety of reasons, such as figuring out what security measures are present or if the compromised system has a version of software that is vulnerable to [Exploitation for Privilege Escalation](https://attack.mitre.org/techniques/T1068).

Kill chain phases

Kill chain	Phase
mitre-attack	discovery

Marking (TLP)

External references

mitre-attack (T1518)

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (54)

TAG-140 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
PlushDaemon uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
interlock uses

Ransomware.Live Confidence 100

No description available

First seen 01/01/1970 · Last seen 16/11/5138 ·
Conti uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
IMPERIAL KITTEN uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Blackwood uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT28 related IRON TWILIGHTSNAKEMACKEREL

The MITRE Corporation Confidence 100

[APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub…

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT37 related InkySquidGroup123

The MITRE Corporation Confidence 100

[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Artem related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Ashen Lepus related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
BRONZE BUTLER related REDBALDKNIGHTTick

The MITRE Corporation Confidence 100

[BRONZE BUTLER](https://attack.mitre.org/groups/G0060) is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group primarily targets Japanese organizations, particularly those in…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Banshee related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 5

13–24 of 54

PrivateLoader uses

Family
Fast Reverse Proxy uses

Family
LockBit uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Mimic uses

Family
DarkGate - S1111 uses

Family
SPECTR uses

Family
SendInbox uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
AHKBot uses

Family
CBROVER uses

Family
AshenLoader uses

Family
MegaCortex - S0576 uses

Family
Pennywise uses

← Previous

Page / 7

13–24 of 80

Millenium: A RAT Rewritten, A Threat Multiplied related

AlienVault Confidence 100 21 MITREs 5 Malwares 60 IOCs 21 Observables 1 APT
ClickFix Campaign Generated Via AI Delivers SmartRAT related

AlienVault Confidence 100 20 MITREs 4 Malwares 9 IOCs 9 Observables
Gamers beware: malicious wallpapers on Steam found stealing … related

AlienVault Confidence 100 20 MITREs 5 Malwares 8 IOCs 8 Observables
Fake Software Tutorials on TikTok Spread Vidar Stealer related

20 MITREs 1 Malware
Malicious npm packages abuse dependency confusion to profile … related

20 MITREs 7 Observables
Threat landscape — Belgium related

Confidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
Threat landscape — insurance related

Confidence 100 199 MITREs 11 APTs
Lorem Ipsum Malware: Trojanized MS Teams Installers related

AlienVault Confidence 100 20 MITREs 1 Malware 13 IOCs 13 Observables
Q1 2026 Malware Statistics Report for Windows Database … related

AlienVault Confidence 100 18 MITREs 9 Malwares 5 IOCs 5 Observables 1 APT
CPU-Z & HWMonitor, cpuid.com, Watering Hole Attack related

20 MITREs 2 Malwares 16 Observables
Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government … related

AlienVault Confidence 100 11 MITREs 1 Malware 1 APT
EtherRAT & SYS_INFO Module: C2 on Ethereum (EtherHiding), … related

18 MITREs 1 Malware 10 Observables 1 APT

← Previous

Page / 5

1–12 of 50

Vulnerabilities (CVE) (85)

CVE-2022-40684 KEV targets

9.8 Critical

Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative …

Attack vector: Network
Published: 11/10/2022
Modified: 14/01/2026

CVE-2021-31199 KEV targets

Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.

Published: 03/11/2021
Modified: 20/12/2025

CVE-2023-41974 KEV targets

7.8 High

Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.

Attack vector: LOCAL
Published: 10/01/2024
Modified: 15/03/2026

CVE-2024-3400 KEV targets

10.0 Critical

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …

Attack vector: Network
Published: 12/04/2024
Modified: 21/12/2025

CVE-2023-38408

targets

CVE-2023-26360 KEV targets

8.6 High

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.

Attack vector: Network
Published: 15/03/2023
Modified: 21/12/2025

CVE-2023-3727

targets

CVE-2022-30525 KEV targets

A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and …

Published: 16/05/2022
Modified: 20/12/2025

CVE-2022-41040 KEV targets

8.8 High

Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.

Attack vector: Network
Published: 30/09/2022
Modified: 20/12/2025

CVE-2023-43000 KEV targets

8.8 High

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, …

Attack vector: NETWORK
Published: 05/11/2025
Modified: 15/03/2026

Analyzed

CVE-2024-23296 KEV targets

7.8 High

Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and …

Attack vector: Local
Complexity: LOW
Published: 05/03/2024
Modified: 04/04/2026

CWE-787

CVE-2021-30952 KEV targets

7.8 High

Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web …

Attack vector: LOCAL
Published: 24/08/2021
Modified: 10/03/2026

← Previous

Page / 8

1–12 of 85

Juicy Mix uses

Tool (1)

ShimRatReporter uses

The MITRE Corporation Confidence 100

[ShimRatReporter](https://attack.mitre.org/software/S0445) is a tool used by suspected Chinese adversary [Mofang](https://attack.mitre.org/groups/G0103) to automatically conduct initial discovery. The details from this discovery are used to customize follow-on payloads (such as…

Contact About Legal notice Privacy policy Terms of use

T1518: T1518

Essential information

Aliases

Platforms

Description

Kill chain phases

Marking (TLP)

External references

Related entities

Intrusion sets (APT) (54)

Malware (80)

Reports (50)

Vulnerabilities (CVE) (85)

Campaign (1)

Tool (1)