T1560.001: T1560.001
Essential information
- MITRE technique ID
T1560.001- Confidence
- 100/100
- Revoked
- No
- Published
- 20/02/2020 22:01
- Modified
- 15/04/2026 13:26
- Author / Source
- The MITRE Corporation
Aliases
Archive via Utility
Platforms
windows macos linux
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | collection |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (54)
-
UNC3886 usesThe MITRE Corporation Confidence 100
[UNC3886](https://attack.mitre.org/groups/G1048) is a China-nexus cyberespionage group that has been active since at least 2022, targeting defense, technology, and telecommunication organizations located in the United States and the Asia-Pacific-Japan…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
The Akira ransomware group is said to have emerged in March 2023, and there's much speculation about its ties to the former CONTI ransomware group.<br> <br> It's worth…
First seen 01/01/1970 · Last seen 16/11/5138 · -
RastaFarEye usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Fox Kitten](https://attack.mitre.org/groups/G0117) is threat actor with a suspected nexus to the Iranian government that has been active since at least 2017 against entities in the Middle East, North…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Daggerfly](https://attack.mitre.org/groups/G1034) is a People's Republic of China-linked APT entity active since at least 2012. [Daggerfly](https://attack.mitre.org/groups/G1034) has targeted individuals, government and NGO entities, and telecommunication companies in Asia and…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT1](https://attack.mitre.org/groups/G0006) is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, commonly known…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT5](https://attack.mitre.org/groups/G1023) is a China-based espionage actor that has been active since at least 2007 primarily targeting the telecommunications, aerospace, and defense industries throughout the U.S., Europe, and Asia.…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Aquatic Panda relatedThe MITRE Corporation Confidence 100
[Aquatic Panda](https://attack.mitre.org/groups/G0143) is a suspected China-based threat group with a dual mission of intelligence collection and industrial espionage. Active since at least May 2020, [Aquatic Panda](https://attack.mitre.org/groups/G0143) has primarily…
First seen 01/01/1970 · Last seen 16/11/5138 · -
CL-STA-1020 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Chimera relatedThe MITRE Corporation Confidence 100
[Chimera](https://attack.mitre.org/groups/G0114) is a suspected China-based threat group that has been active since at least 2018 targeting the semiconductor industry in Taiwan as well as data from the airline…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (61)
-
AppleSeed usesFamily The MITRE Corporation Confidence 100
[AppleSeed](https://attack.mitre.org/software/S0622) is a backdoor that has been used by [Kimsuky](https://attack.mitre.org/groups/G0094) to target South Korean government, academic, and commercial targets since at least 2021.(Citation: Malwarebytes Kimsuky June 2021)
First seen 01/01/1970 · Last seen 16/11/5138 · -
InvisiMole usesFamily The MITRE Corporation Confidence 100
[InvisiMole](https://attack.mitre.org/software/S0260) is a modular spyware program that has been used by the InvisiMole Group since at least 2013. [InvisiMole](https://attack.mitre.org/software/S0260) has two backdoor modules called RC2FM and RC2CL that…
First seen 01/01/1970 · Last seen 16/11/5138 · -
HazyBeacon usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
PureClipper usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
POISONPLUG.SHADOW usesThe MITRE Corporation Confidence 100
[ShadowPad](https://attack.mitre.org/software/S0596) is a modular backdoor that was first identified in a supply chain compromise of the NetSarang software in mid-July 2017. The malware was originally thought to be…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AMOS usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
MICROBACKDOOR usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
IcedID - S0483 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
PureCrypter usesAlienVault Confidence 100
PureCrypter is a fully-featured malware loader, developed by a threat actor called “PureCoder," that has been in use since at least 2021 to distribute a variety of remote…
First seen 01/01/1970 · Last seen 16/11/5138 · -
d3f@ckloader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
LockBit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
FoggyWeb - S0661 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (35)
-
AlienVault Confidence 100 20 MITREs 3 Malwares 3 IOCs 3 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 1 Malware 13 IOCs 13 Observables
-
20 MITREs 6 Observables
-
9 MITREs 3 Malwares 10 Observables 1 APT
-
17 MITREs 7 Observables
-
14 MITREs 7 Malwares 4 Observables 1 APT
-
25 MITREs 4 Malwares 1 APT
-
32 MITREs 6 Malwares
-
26 MITREs 2 Malwares 1 Observable 1 APT
-
8 MITREs 1 Malware 1 APT
-
15 MITREs 3 Malwares 43 Observables 1 APT
-
16 MITREs 1 Malware 12 Observables 1 APT
Vulnerabilities (CVE) (18)
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary …
- Attack vector
- Network
- Published
- 13/02/2025
- Modified
- 21/12/2025
F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, …
- Published
- 10/05/2022
- Modified
- 20/12/2025
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the …
- Published
- 03/11/2021
- Modified
- 20/12/2025
RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary …
- Attack vector
- Network
- Published
- 12/08/2025
- Modified
- 27/05/2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …
- Attack vector
- Network
- Published
- 05/12/2025
- Modified
- 29/05/2026
Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files …
- Published
- 03/11/2021
- Modified
- 20/12/2025
Tool (3)
-
Rclone usesThe MITRE Corporation Confidence 100
[Rclone](https://attack.mitre.org/software/S1040) is a command line program for syncing files with cloud storage services such as Dropbox, Google Drive, Amazon S3, and MEGA. [Rclone](https://attack.mitre.org/software/S1040) has been used in a…
-
PoshC2 usesThe MITRE Corporation Confidence 100
[PoshC2](https://attack.mitre.org/software/S0378) is an open source remote administration and post-exploitation framework that is publicly available on GitHub. The server-side components of the tool are primarily written in Python, while…
-
certutil usesThe MITRE Corporation Confidence 100
[certutil](https://attack.mitre.org/software/S0160) is a command-line utility that can be used to obtain certificate authority information and configure Certificate Services. (Citation: TechNet Certutil)
Campaign (6)
-
FunnyDream uses
-
Operation Honeybee uses
-
Operation Dream Job uses
-
C0026 uses
-
Operation CuckooBees uses
-
APT28 Nearest Neighbor Campaign uses
Course Of Action (1)
-
Audit mitigates