T1530: T1530
Essential information
- MITRE technique ID
- T1530
- Confidence
- 100/100
- Revoked
- No
- Published
- 30/08/2019 20:07
- Modified
- 31/03/2026 20:49
- Author / Source
- The MITRE Corporation
Aliases
Data from Cloud Storage
Platforms
IaaS, Office Suite, SaaS
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | collection |
Marking (TLP)
TLP:CLEAR
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (27)
- The MITRE Corporation · Confidence 100
  [POLONIUM](https://attack.mitre.org/groups/G1005) is a Lebanon-based group that has primarily targeted Israeli organizations, including critical manufacturing, information technology, and defense industry companies, since at least February 2022. Security researchers assess…
  First seen 01/01/1970 · Last seen 16/11/5138
- TA578 (uses) · The MITRE Corporation · Confidence 100
  [TA578](https://attack.mitre.org/groups/G1038) is a threat actor that has used contact forms and email to initiate communications with victims and to distribute malware including [Latrodectus](https://attack.mitre.org/software/S1160), [IcedID](https://attack.mitre.org/software/S0483), and [Bumblebee](https://attack.mitre.org/software/S1039).(Citation: Latrodectus APR…
  First seen 01/01/1970 · Last seen 16/11/5138
- CloudWizard (uses) · AlienVault · Confidence 100
  First seen 01/01/1970 · Last seen 16/11/5138
- UNC6040, UNC6395 (uses) · AlienVault · Confidence 100
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Star Blizzard](https://attack.mitre.org/groups/G1033) is a cyber espionage and influence group originating in Russia that has been active since at least 2019. [Star Blizzard](https://attack.mitre.org/groups/G1033) campaigns align closely with Russian state…
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [APT29](https://attack.mitre.org/groups/G0016) is a threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April…
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [HAFNIUM](https://attack.mitre.org/groups/G0125) is a likely state-sponsored cyber espionage group operating out of China that has been active since at least January 2021. [HAFNIUM](https://attack.mitre.org/groups/G0125) primarily targets entities in the US…
  First seen 01/01/1970 · Last seen 16/11/5138
- UNC2903 (uses) · AlienVault · Confidence 100
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Daggerfly](https://attack.mitre.org/groups/G1034) is a People's Republic of China-linked APT entity active since at least 2012. [Daggerfly](https://attack.mitre.org/groups/G1034) has targeted individuals, government and NGO entities, and telecommunication companies in Asia and…
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Scattered Spider](https://attack.mitre.org/groups/G1015) is a native English-speaking cybercriminal group active since at least 2022. (Citation: CrowdStrike Scattered Spider Profile) (Citation: MSTIC Octo Tempest Operations October 2023) The group initially…
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [BRONZE BUTLER](https://attack.mitre.org/groups/G0060) is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group primarily targets Japanese organizations, particularly those in…
  First seen 01/01/1970 · Last seen 16/11/5138
- APT42 (related) · The MITRE Corporation · Confidence 100
  [APT42](https://attack.mitre.org/groups/G1044) is an Iranian-sponsored threat group that conducts cyber espionage and surveillance.(Citation: Mandiant APT42-charms) The group primarily focuses on targets in the Middle East region, but has targeted…
  First seen 01/01/1970 · Last seen 16/11/5138
Malware (68)
- Evilginx (uses) · AlienVault · Confidence 100
  First seen 01/01/1970 · Last seen 16/11/5138
- Brute Ratel C4 (uses) · AlienVault · Confidence 100
  First seen 01/01/1970 · Last seen 16/11/5138
- OilCheck (uses) · Family · The MITRE Corporation · Confidence 100
  [OilCheck](https://attack.mitre.org/software/S1171) is a C#/.NET downloader that has been used by [OilRig](https://attack.mitre.org/groups/G0049) since at least 2022 including against targets in Israel. [OilCheck](https://attack.mitre.org/software/S1171) uses draft messages created in a shared…
  First seen 01/01/1970 · Last seen 16/11/5138
- RE#TURGENCE (uses) · AlienVault · Confidence 100
  First seen 01/01/1970 · Last seen 16/11/5138
- BadBazaar (uses) · AlienVault · Confidence 100
  First seen 01/01/1970 · Last seen 16/11/5138
- BlueNoroff (uses) · AlienVault · Confidence 100
  First seen 01/01/1970 · Last seen 16/11/5138
- CommonMagic (uses) · AlienVault · Confidence 100
  First seen 01/01/1970 · Last seen 16/11/5138
- STIFF#BIZON (uses) · AlienVault · Confidence 100
  First seen 01/01/1970 · Last seen 16/11/5138
- TechnoCreep (uses) · AlienVault · Confidence 100
  First seen 01/01/1970 · Last seen 16/11/5138
- XWorm (uses) · AlienVault · Confidence 100
  First seen 01/01/1970 · Last seen 16/11/5138
- SocGholish (uses) · The MITRE Corporation · Confidence 100
  [SocGholish](https://attack.mitre.org/software/S1124) is a JavaScript-based loader malware that has been used since at least 2017. It has been observed in use against multiple sectors globally for initial access, primarily…
  First seen 01/01/1970 · Last seen 16/11/5138
- Hive (uses) · AlienVault · Confidence 100
  First seen 01/01/1970 · Last seen 16/11/5138
Reports (18)
- AlienVault · Confidence 100 · 20 MITREs · 3 IOCs · 3 Observables
- AlienVault · Confidence 100 · 15 MITREs · 2 IOCs · 2 Observables
- Threat landscape — Belgium (related) · Confidence 100 · 18 CVEs · 200 MITREs · 200 Malwares · 20 APTs · 26 Tools
- Threat landscape — insurance (related) · Confidence 100 · 199 MITREs · 11 APTs
- 10 MITREs · 3 Malwares · 1 APT
- 20 MITREs · 2 Observables · 1 APT
- 10 MITREs
- 10 MITREs · 4 Observables
- 7 MITREs · 14 Observables · 1 APT
- 12 MITREs · 3 Observables · 1 APT
- 1 CVE · 12 MITREs · 1 Malware · 2 Observables · 1 APT
- 1 CVE · 6 MITREs · 8 Observables · 1 APT
Vulnerabilities (CVE) (12)
Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the …
- Attack vector
- Network
- Published
- 04/09/2025
- Modified
- 21/12/2025
A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key …
- Published
- 08/01/2026
- Modified
- 08/01/2026
MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.
- Attack vector
- Network
- Published
- 21/04/2023
- Modified
- 21/12/2025
An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS …
- Published
- 09/12/2025
- Modified
- 17/12/2025
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through …
- Published
- 13/01/2026
- Modified
- 14/01/2026
A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through …
- Published
- 13/01/2026
- Modified
- 14/01/2026
Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an …
- Published
- 03/11/2021
- Modified
- 20/12/2025
Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely …
- Attack vector
- Network
- Published
- 23/06/2023
- Modified
- 21/12/2025
RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file …
- Attack vector
- Local
- Published
- 24/08/2023
- Modified
- 27/05/2026
An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an …
- Published
- 09/12/2025
- Modified
- 09/12/2025
Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information.
- Published
- 29/09/2025
- Modified
- 20/12/2025
MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and …
- Attack vector
- Network
- Published
- 19/09/2023
- Modified
- 28/02/2026
Course Of Action (5)
- User Account Management (mitigates)
- Restrict File and Directory Permissions (mitigates)
- Audit (mitigates)
- Encrypt Sensitive Information (mitigates)
- Filter Network Traffic (mitigates)
Tool (4)
- AADInternals (uses) · The MITRE Corporation · Confidence 100
  [AADInternals](https://attack.mitre.org/software/S0677) is a PowerShell-based framework for administering, enumerating, and exploiting Azure Active Directory. The tool is publicly available on GitHub.(Citation: AADInternals Github)(Citation: AADInternals Documentation)
- TruffleHog (uses) · The MITRE Corporation · Confidence 75
  [TruffleHog](https://attack.mitre.org/software/S9009) is an open-source secrets-discovery tool that is used to search for credentials, API keys, and encryption keys across a variety of data sources and environments.(Citation: Black Hills…
- Peirates (uses) · The MITRE Corporation · Confidence 100
  [Peirates](https://attack.mitre.org/software/S0683) is a post-exploitation Kubernetes exploitation framework with a focus on gathering service account tokens for lateral movement and privilege escalation. The tool is written in GoLang and…
- Pacu (uses) · The MITRE Corporation · Confidence 100
  Pacu is an open-source AWS exploitation framework. The tool is written in Python and publicly available on GitHub.(Citation: GitHub Pacu)