T1574.002: T1574.002
Essential information
- MITRE technique ID
T1574.002- Confidence
- 100/100
- Revoked
- No
- Published
- 20/12/2025 21:26
- Modified
- 27/05/2026 21:40
- Author / Source
- AlienVault
Description
No description.
Marking (TLP)
TLP:GREEN
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (61)
-
AsyncRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Silver Fox usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Earth Estries usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Lazarus usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Snake Keylogger usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Contagious Interview](https://attack.mitre.org/groups/G1052) is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials.…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Water Hydra usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
FamousSparrow usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CL-UNK-1068 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
LockBit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UAT-10027 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (105)
-
Trojan:Win32/Amadey usesFamily
-
CompactGopher usesFamily
-
Adaptix usesFamily
-
TWINTALK usesFamily
-
SNAPPYBEE usesFamily
-
Dcsync usesFamily
-
wAgent usesFamily
-
Nuso usesFamily
-
TONEINS uses
-
Gholoader usesFamily
-
Meduza usesFamily
-
Rilide Stealer usesFamily
Reports (50)
-
AlienVault Confidence 100 19 MITREs 3 Malwares 12 IOCs 9 Observables
-
AlienVault Confidence 100 20 MITREs 6 Malwares 8 IOCs 5 Observables
-
New APT-Q-27 sample spotted relatedAlienVault Confidence 100 8 MITREs 2 IOCs 2 Observables 1 APT
-
AlienVault Confidence 100 3 CVEs 18 MITREs 2 Malwares 26 IOCs 26 Observables 1 APT
-
AlienVault Confidence 100 14 MITREs 1 Malware 4 IOCs 4 Observables
-
15 MITREs 1 Malware 4 Observables
-
1 CVE 16 MITREs 5 Malwares 16 Observables 1 APT
-
AlienVault Confidence 100 18 MITREs 3 Malwares 8 IOCs 8 Observables 1 APT
-
AlienVault Confidence 100 1 CVE 18 MITREs 3 Malwares 27 IOCs 27 Observables
-
AlienVault Confidence 100 23 MITREs 8 Malwares 23 IOCs 23 Observables 1 APT
-
20 MITREs 4 Malwares 20 Observables
-
20 MITREs 1 Malware 1 APT
Vulnerabilities (CVE) (69)
Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an …
- Published
- 03/11/2021
- Modified
- 29/05/2026
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware …
- Attack vector
- Network
- Published
- 20/07/2025
- Modified
- 21/12/2025
Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread …
- Attack vector
- Network
- Published
- 10/07/2025
- Modified
- 21/12/2025
The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which …
- Attack vector
- LOCAL
- Published
- 08/01/2024
- Modified
- 16/06/2026
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 03/11/2021
- Modified
- 20/12/2025
Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a …
- Attack vector
- NETWORK
- Published
- 07/01/2026
- Modified
- 09/03/2026
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code …
- Attack vector
- Network
- Published
- 28/07/2025
- Modified
- 21/12/2025
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/04/2017
- Modified
- 22/04/2026
Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a …
- Attack vector
- Network
- Published
- 12/11/2024
- Modified
- 27/05/2026
Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric …
- Attack vector
- Local
- Published
- 23/10/2024
- Modified
- 09/01/2026
Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code …
- Published
- 02/06/2022
- Modified
- 27/05/2026