T1548: T1548
Essential information
- MITRE technique ID: T1548
- Confidence: 100/100
- Revoked: No
- Published: 30/01/2020 14:58
- Modified: 14/04/2026 11:20
- Author / Source: The MITRE Corporation
Aliases
Abuse Elevation Control Mechanism
Platforms
Windows, macOS, Linux, IaaS, Office Suite, Identity Provider
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
| mitre-attack | privilege-escalation |
Marking (TLP)
TLP:GREEN
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (26)
- UNC4466 · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Cuba · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- UAT-8099 · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Anatsa · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- CoralRaider · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- NullBulge · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Ping3r and Rodrigo · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Unfading Sea Haze · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Metamorfo · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Earth Baku · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- KONNI · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Malware (80)
- Backdoor:Win32/Dora · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Redsip · uses
- GHOSTBLADE · uses · Family
- RftRAT · uses · Family
- GHOSTKNIFE · uses · Family
- JuicyPotato · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- TranslucentGh0st · uses · Family
- BlackLotus · uses
- Meterpreter · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Warp AV Killer · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Rakshasa · uses · Family
- Hodur · uses
Reports (43)
- AlienVault · Confidence 100 · 3 CVEs · 19 MITREs · 9 IOCs · 8 Observables
- AlienVault · Confidence 100 · 21 MITREs · 1 Malware · 7 IOCs
- 1 CVE · 10 MITREs · 1 Observable
- Threat landscape — Belgium · related · Confidence 100 · 18 CVEs · 200 MITREs · 200 Malwares · 20 APTs · 26 Tools
- AlienVault · Confidence 100 · 17 MITREs · 1 Malware · 53 IOCs · 53 Observables
- AlienVault · Confidence 100 · 17 MITREs · 1 Malware · 1 IOC · 1 Observable
- AlienVault · Confidence 100 · 1 CVE · 15 MITREs · 6 Malwares · 1 IOC · 1 Observable · 1 APT
- AlienVault · Confidence 100 · 23 CVEs · 20 MITREs · 5 Malwares · 2 IOCs · 2 Observables · 1 APT
- Vgod RANSOMWARE · related · 30 MITREs · 1 Malware · 1 Observable
- 6 MITREs · 5 Observables
- 7 CVEs · 13 MITREs · 28 Observables
- Raspberry Robin Analysis · related · 2 CVEs · 20 MITREs · 2 Malwares · 126 Observables
Vulnerabilities (CVE) (63)
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system …
- Attack vector: Network
- Published: 12/06/2024
- Modified: 21/12/2025
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …
- Attack vector: Network
- Published: 10/01/2024
- Modified: 27/05/2026
Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context …
- Attack vector: NETWORK
- Complexity: LOW
- Published: 30/03/2026
- Modified: 17/04/2026
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …
- Attack vector: Network
- Published: 10/01/2024
- Modified: 27/05/2026
Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can …
- Attack vector: Network
- Published: 09/10/2024
- Modified: 21/12/2025
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege …
- Attack vector: ADJACENT_NETWORK
- Published: 02/02/2021
- Modified: 20/12/2025
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was …
- Attack vector: NETWORK
- Complexity: LOW
- Published: 14/05/2026
- Modified: 18/06/2026
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
- Attack vector: Local
- Complexity: Low
- Published: 10/03/2026
- Modified: 26/05/2026
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.
- Published: 10/01/2022
- Modified: 20/12/2025
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, …
- Attack vector: NETWORK
- Complexity: LOW
- EPSS: 0.0007 (P20.9%)
- Published: 23/03/2026
- Modified: 14/04/2026
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical …
- Attack vector: Network
- Published: 20/12/2025
- Modified: 12/03/2026
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
- Attack vector: Network
- Published: 10/12/2021
- Modified: 27/05/2026
Attack patterns (MITRE) (3)
- TCC Manipulation · subtechnique-of
- Temporary Elevated Cloud Access · subtechnique-of
- T1548.003 · subtechnique-of · Sudo and Sudo Caching · MITRE
Course Of Action (5)
- Audit · mitigates
- Restrict File and Directory Permissions · mitigates
- Update Software · mitigates
- Operating System Configuration · mitigates
- User Account Management · mitigates