T1518: T1518
Essential information
- MITRE technique ID
T1518- Confidence
- 100/100
- Revoked
- No
- Published
- 16/09/2019 19:52
- Modified
- 27/03/2026 01:12
- Author / Source
- The MITRE Corporation
Aliases
Software Discovery
Platforms
windows macos linux IaaS ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | discovery |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (54)
-
The MITRE Corporation Confidence 100
[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Larva-26002 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Lampion usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Raspberry Robin usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Windshift](https://attack.mitre.org/groups/G0112) is a threat group that has been active since at least 2017, targeting specific individuals for surveillance in government departments and critical infrastructure across the Middle East.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Hive0145 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
HoneyMyte usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Runningcrab usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
APT 42 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Ice Breaker usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Ping3r and Rodrigo usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TamperedChef usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (80)
-
DownExPyer usesFamily
-
KOPILUWAK uses
-
DarkCloud Stealer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Warlock usesFamily
-
LianSpy usesFamily
-
Ramnit usesFamily
-
StormKitty usesFamily
-
PS1Bot usesFamily
-
Hazard uses
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Banshee usesFamily
-
Lampion Stealer usesFamily
Reports (50)
-
16 MITREs 4 Malwares 19 Observables 1 APT
-
11 MITREs
-
20 MITREs 1 Malware 5 Observables
-
25 MITREs 2 Observables
-
20 MITREs 1 Malware 6 Observables 1 APT
-
17 MITREs 1 Malware 4 Observables
-
21 MITREs 2 Malwares 9 Observables 1 APT
-
6 MITREs 5 Observables
-
15 MITREs 4 Malwares 84 Observables 1 APT
-
10 MITREs 10 Malwares 39 Observables
-
4 MITREs 2 Malwares 20 Observables 1 APT
-
18 MITREs 2 Malwares 5 Observables 1 APT
Vulnerabilities (CVE) (85)
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative …
- Attack vector
- Network
- Published
- 11/10/2022
- Modified
- 14/01/2026
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 03/11/2021
- Modified
- 20/12/2025
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
- Attack vector
- LOCAL
- Published
- 10/01/2024
- Modified
- 15/03/2026
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …
- Attack vector
- Network
- Published
- 12/04/2024
- Modified
- 21/12/2025
targets
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.
- Attack vector
- Network
- Published
- 15/03/2023
- Modified
- 21/12/2025
targets
A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and …
- Published
- 16/05/2022
- Modified
- 20/12/2025
Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.
- Attack vector
- Network
- Published
- 30/09/2022
- Modified
- 20/12/2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, …
- Attack vector
- NETWORK
- Published
- 05/11/2025
- Modified
- 15/03/2026
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and …
- Attack vector
- Local
- Complexity
- LOW
- Published
- 05/03/2024
- Modified
- 04/04/2026
Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web …
- Attack vector
- LOCAL
- Published
- 24/08/2021
- Modified
- 10/03/2026
Campaign (1)
-
Juicy Mix uses
Tool (1)
-
ShimRatReporter usesThe MITRE Corporation Confidence 100
[ShimRatReporter](https://attack.mitre.org/software/S0445) is a tool used by suspected Chinese adversary [Mofang](https://attack.mitre.org/groups/G0103) to automatically conduct initial discovery. The details from this discovery are used to customize follow-on payloads (such as…