T1529: T1529
Essential information
- MITRE technique ID
T1529- Confidence
- 100/100
- Revoked
- No
- Published
- 04/10/2019 22:42
- Modified
- 21/04/2026 17:28
- Author / Source
- The MITRE Corporation
Aliases
System Shutdown/Reboot
Platforms
windows macos linux Network Devices ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | impact |
Marking (TLP)
TLP:GREEN Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (23)
-
China-nexus APT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RA World usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Vect usesRansomware.Live Confidence 100
No description available
First seen 01/01/1970 · Last seen 16/11/5138 · -
Kinsing usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BlackMagic usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT38](https://attack.mitre.org/groups/G0082) is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau.(Citation: CISA AA20-239A BeagleBoyz August 2020)…
First seen 01/01/1970 · Last seen 16/11/5138 · -
RobinHood usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UNC4466 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[BlackByte](https://attack.mitre.org/groups/G1043) is a ransomware threat actor operating since at least 2021. [BlackByte](https://attack.mitre.org/groups/G1043) is associated with several versions of ransomware also labeled [BlackByte Ransomware](https://attack.mitre.org/software/S1180). [BlackByte](https://attack.mitre.org/groups/G1043) ransomware operations initially used…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Goldoon usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group attributed to the Reconnaissance General Bureau (RGB). (Citation: US-CERT HIDDEN COBRA June 2017) (Citation: Treasury North Korean Cyber…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (82)
-
DarkVision RAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Vadokrist usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Ghost RAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Sting wiper usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Exbyte usesFamily The MITRE Corporation Confidence 100
[Exbyte](https://attack.mitre.org/software/S1179) is an exfiltration tool written in Go that is uniquely associated with [BlackByte](https://attack.mitre.org/groups/G1043) operations. Observed since 2022, [Exbyte](https://attack.mitre.org/software/S1179) transfers collected files to online file sharing and hosting…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Maze usesFamily The MITRE Corporation Confidence 100
[Maze](https://attack.mitre.org/software/S0449) ransomware, previously known as "ChaCha", was discovered in May 2019. In addition to encrypting files on victim machines for impact, [Maze](https://attack.mitre.org/software/S0449) operators conduct information stealing campaigns prior…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Babyk usesThe MITRE Corporation Confidence 100
[Babuk](https://attack.mitre.org/software/S0638) is a Ransomware-as-a-service (RaaS) malware that has been used since at least 2021. The operators of [Babuk](https://attack.mitre.org/software/S0638) employ a "Big Game Hunting" approach to targeting major enterprises…
First seen 01/01/1970 · Last seen 16/11/5138 · -
CutBrooch usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BidSwipe usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AcidPour usesFamily The MITRE Corporation Confidence 100
[AcidPour](https://attack.mitre.org/software/S1167) is a variant of [AcidRain](https://attack.mitre.org/software/S1125) designed to impact a wider range of x86 architecture Linux devices. [AcidPour](https://attack.mitre.org/software/S1167) is an x86 ELF binary that expands on the targeted…
First seen 01/01/1970 · Last seen 16/11/5138 · -
LockerGoga usesFamily The MITRE Corporation Confidence 100
[LockerGoga](https://attack.mitre.org/software/S0372) is ransomware that was first reported in January 2019, and has been tied to various attacks on European companies, including industrial and manufacturing firms.(Citation: Unit42 LockerGoga 2019)(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Lumma Stealer usesThe MITRE Corporation Confidence 100
[Lumma Stealer](https://attack.mitre.org/software/S1213) is an information stealer malware family in use since at least 2022. [Lumma Stealer](https://attack.mitre.org/software/S1213) is a Malware as a Service (MaaS) where captured data has been…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (16)
-
AlienVault Confidence 100 20 MITREs 6 Malwares 10 IOCs 2 Observables
-
Threat landscape — insurance relatedConfidence 100 199 MITREs 11 APTs
-
AlienVault Confidence 100 20 MITREs 4 Malwares 26 IOCs 26 Observables 1 APT
-
19 MITREs 2 Malwares 2 Observables 1 APT
-
AlienVault Confidence 100 21 MITREs 1 Malware 8 IOCs 8 Observables 1 APT
-
2 CVEs 19 MITREs 2 Malwares 4 Observables
-
19 MITREs 1 Malware
-
Technical Analysis of kkRAT related17 MITREs
-
DarkVision RAT related17 MITREs 2 Malwares
-
21 MITREs 2 Malwares 4 Observables 1 APT
-
16 MITREs 7 Observables
-
1 CVE 20 MITREs 2 Malwares 6 Observables
Vulnerabilities (CVE) (20)
Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts …
- Attack vector
- Network
- Published
- 05/10/2023
- Modified
- 21/12/2025
Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to …
- Attack vector
- Network
- Published
- 02/11/2023
- Modified
- 21/12/2025
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 15/08/2012
- Modified
- 27/04/2026
Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/06/2015
- Modified
- 27/04/2026
D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
- Attack vector
- Adjacent
- Complexity
- LOW
- Published
- 23/02/2015
- Modified
- 22/04/2026
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass in limited scenarios.This issue affects MOVEit Transfer: from …
- Attack vector
- NETWORK
- Published
- 25/06/2024
- Modified
- 21/12/2025
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
- Attack vector
- Network
- Published
- 10/12/2021
- Modified
- 27/05/2026
A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and …
- Published
- 16/05/2022
- Modified
- 20/12/2025
F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow …
- Attack vector
- Network
- Published
- 31/10/2023
- Modified
- 21/12/2025
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position …
- Attack vector
- NETWORK
- Published
- 28/11/2023
- Modified
- 21/12/2025
Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an …
- Attack vector
- Network
- Published
- 07/11/2023
- Modified
- 21/12/2025
Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a …
- Published
- 07/04/2023
- Modified
- 21/12/2025
Campaign (1)
-
2025 Poland Wiper Attacks uses
Tool (1)
-
Remcos usesThe MITRE Corporation Confidence 100
[Remcos](https://attack.mitre.org/software/S0332) is a closed-source tool that is marketed as a remote control and surveillance software by a company called Breaking Security. [Remcos](https://attack.mitre.org/software/S0332) has been observed being used in…