T1548: T1548
Essential information
- MITRE technique ID
T1548- Confidence
- 100/100
- Revoked
- No
- Published
- 30/01/2020 14:58
- Modified
- 14/04/2026 11:20
- Author / Source
- The MITRE Corporation
Aliases
Abuse Elevation Control Mechanism
Platforms
windows macos linux IaaS Office Suite Identity Provider
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
| mitre-attack | privilege-escalation |
Marking (TLP)
TLP:GREEN Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (26)
-
Trigona relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UNC3886 relatedThe MITRE Corporation Confidence 100
[UNC3886](https://attack.mitre.org/groups/G1048) is a China-nexus cyberespionage group that has been active since at least 2022, targeting defense, technology, and telecommunication organizations located in the United States and the Asia-Pacific-Japan…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (80)
-
BlackMatter usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DuckLogs usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Copybara usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
PortTranC usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BatLoader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CraxsRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
PlugX - S0013 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (43)
-
AlienVault Confidence 100 3 CVEs 19 MITREs 9 IOCs 8 Observables
-
AlienVault Confidence 100 21 MITREs 1 Malware 7 IOCs
-
1 CVE 10 MITREs 1 Observable
-
Threat landscape — Belgium relatedConfidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
-
AlienVault Confidence 100 17 MITREs 1 Malware 53 IOCs 53 Observables
-
AlienVault Confidence 100 17 MITREs 1 Malware 1 IOC 1 Observable
-
AlienVault Confidence 100 1 CVE 15 MITREs 6 Malwares 1 IOC 1 Observable 1 APT
-
AlienVault Confidence 100 23 CVEs 20 MITREs 5 Malwares 2 IOCs 2 Observables 1 APT
-
Vgod RANSOMWARE related30 MITREs 1 Malware 1 Observable
-
6 MITREs 5 Observables
-
7 CVEs 13 MITREs 28 Observables
-
Raspberry Robin Analysis related2 CVEs 20 MITREs 2 Malwares 126 Observables
Vulnerabilities (CVE) (63)
Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 13/01/2026
- Modified
- 02/04/2026
Secure Boot Security Feature Bypass Vulnerability
- Attack vector
- LOCAL
- Published
- 11/01/2022
- Modified
- 20/12/2025
Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If …
- Attack vector
- Network
- Published
- 19/09/2024
- Modified
- 21/12/2025
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 05/06/2026
- Modified
- 25/06/2026
Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote …
- Attack vector
- Network
- EPSS
- 0.0008 (P23.4%)
- Published
- 13/03/2026
- Modified
- 14/04/2026
Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a …
- Published
- 07/04/2023
- Modified
- 21/12/2025
Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web …
- Attack vector
- LOCAL
- Published
- 24/08/2021
- Modified
- 10/03/2026
When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions …
- Attack vector
- Network
- Complexity
- Low
- Published
- 15/10/2025
- Modified
- 04/04/2026
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, …
- Attack vector
- Network
- Published
- 29/05/2024
- Modified
- 21/12/2025
Windows CSC Service Elevation of Privilege Vulnerability
- Attack vector
- LOCAL
- Published
- 09/04/2024
- Modified
- 21/12/2025
Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation.
- Attack vector
- LOCAL
- Published
- 02/03/2026
- Modified
- 14/04/2026
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0.
- Attack vector
- LOCAL
- Published
- 05/02/2022
- Modified
- 21/12/2025
Attack patterns (MITRE) (3)
-
TCC Manipulation subtechnique-of
-
Temporary Elevated Cloud Access subtechnique-of
-
T1548.003 subtechnique-ofSudo and Sudo Caching MITRE
Course Of Action (5)
-
Audit mitigates
-
Restrict File and Directory Permissions mitigates
-
Update Software mitigates
-
Operating System Configuration mitigates
-
User Account Management mitigates