T1559: Inter-Process Communication
Essential information
- MITRE technique ID: T1559
- Confidence: 100/100
- Revoked: No
- Published: 12/02/2020 15:08
- Modified: 27/03/2026 01:11
- Author / Source: The MITRE Corporation
Aliases
T1559
Platforms
windows macos linux
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | execution |
Marking (TLP)
TLP:CLEAR
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (20)
- ScamClub uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- APT-C-26 (Lazarus) uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that has been conducting operations since at least 2012. [Mustang Panda](https://attack.mitre.org/groups/G0129) has been known to use tailored phishing lures…
  First seen 01/01/1970 · Last seen 16/11/5138
- NewsPenguin uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- MirrorFace uses · AlienVault · Confidence 100
  [MirrorFace](https://attack.mitre.org/groups/G1054) is a People's Republic of China (PRC)-aligned cyberespionage actor believed to be a subgroup under the [menuPass](https://attack.mitre.org/groups/G0045) umbrella based on targeting, tools, and infrastructure overlaps. [MirrorFace](https://attack.mitre.org/groups/G1054) has…
  First seen 01/01/1970 · Last seen 16/11/5138
- Tycoon Group uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Mallox uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Sidewinder](https://attack.mitre.org/groups/G0121) is a suspected Indian threat actor group that has been active since at least 2012. They have been observed targeting government, military, and business entities throughout Asia,…
  First seen 01/01/1970 · Last seen 16/11/5138
- RomCom uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Inception](https://attack.mitre.org/groups/G0100) is a cyber espionage group active since at least 2014. The group has targeted multiple industries and governmental entities primarily in Russia, but has also been active…
  First seen 01/01/1970 · Last seen 16/11/5138
- BladedFeline uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- UNC6691 uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Malware (72)
- HyperStack uses
- GraphSteel uses · Family
- WhisperGate - S0689 uses · Family
- Zloader uses · Family
- Moudoor uses · Family
- BitRAT uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Medusa Ransomware uses · Family
- SPAWNCHIMERA uses
- BlackLotus uses
- Bitter RAT uses
- PandorahVNC uses · Family
- Cyclops Blink uses
Reports (9)
- Threat landscape — insurance related · Confidence 100 · 199 MITREs · 11 APTs
- 8 MITREs · 1 Malware · 20 Observables
- 9 MITREs · 6 Observables
- 13 MITREs · 5 Malwares · 11 Observables · 1 APT
- 8 MITREs · 1 Malware · 7 Observables
- 15 MITREs · 2 Malwares · 55 Observables
- 16 MITREs · 2 Malwares · 68 Observables
- 1 CVE · 17 MITREs · 1 Malware · 6 Observables
- 15 MITREs · 3 Malwares · 10 Observables · 1 APT
Vulnerabilities (CVE) (24)
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
- Attack vector: Local
- Complexity: Low
- Published: 15/11/2017
- Modified: 29/05/2026
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
- Attack vector: LOCAL
- Published: 10/01/2024
- Modified: 15/03/2026
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An …
- Published: 14/06/2022
- Modified: 27/05/2026
Apple iOS, iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges.
- Attack vector: Local
- Published: 23/06/2023
- Modified: 03/03/2026
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability …
- Attack vector: Network
- Published: 16/11/2023
- Modified: 27/05/2026
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out …
- Attack vector: Network
- Published: 22/05/2023
- Modified: 03/03/2026
Microsoft MSHTML contains an unspecified vulnerability that allows for remote code execution.
- Published: 03/11/2021
- Modified: 27/05/2026
Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a …
- Attack vector: Network
- Published: 17/07/2023
- Modified: 27/05/2026
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted …
- Attack vector: Network
- Complexity: LOW
- Published: 23/01/2024
- Modified: 04/04/2026
Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.
- Published: 03/11/2021
- Modified: 03/03/2026
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and …
- Attack vector: Local
- Complexity: LOW
- Published: 05/03/2024
- Modified: 04/04/2026
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state.
- Attack vector: Local
- Published: 26/07/2023
- Modified: 21/12/2025
Attack patterns (MITRE) (2)
- XPC Services subtechnique-of
- Component Object Model subtechnique-of · T1559.001 · MITRE
Campaign (2)
- 3CX Supply Chain Attack uses
- Operation MidnightEclipse uses
Course Of Action (5)
- Behavior Prevention on Endpoint mitigates
- Application Developer Guidance mitigates
- Disable or Remove Feature or Program mitigates
- Software Configuration mitigates
- Privileged Account Management mitigates