T1574.002: T1574.002
Essential information
- MITRE technique ID
T1574.002- Confidence
- 100/100
- Revoked
- No
- Published
- 20/12/2025 19:34
- Modified
- 27/05/2026 21:40
- Author / Source
- AlienVault
Description
No description.
Marking (TLP)
TLP:GREEN
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (58)
-
Boggy Serpens relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Budworm relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CL-STA-1020 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Chinese APTs relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Chinese-nexus threat actor relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April…
First seen 01/01/1970 · Last seen 16/11/5138 · -
DPRK relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Daggerfly](https://attack.mitre.org/groups/G1034) is a People's Republic of China-linked APT entity active since at least 2012. [Daggerfly](https://attack.mitre.org/groups/G1034) has targeted individuals, government and NGO entities, and telecommunication companies in Asia and…
First seen 01/01/1970 · Last seen 16/11/5138 · -
DoNex relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Dolphin Loader relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DragonBreath relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DragonForce relatedRansomware.Live Confidence 100
No description available
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (81)
-
QuasarRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Umbral Stealer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SimayRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RUSTCLOAK usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Shai-Hulud usesAlienVault Confidence 100
[Shai-Hulud](https://attack.mitre.org/software/S9008) is a supply chain worm, first reported in September 2025, that spreads through code repositories, including GitHub and NPM packages. It exploits CI/CD pipeline dependencies to propagate…
First seen 01/01/1970 · Last seen 16/11/5138 · -
CrowDoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
FluffyGh0st usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GoBear usesFamily The MITRE Corporation Confidence 100
[GoBear](https://attack.mitre.org/software/S1197) is a Go-based backdoor that abuses legitimate, stolen certificates for defense evasion purposes. [GoBear](https://attack.mitre.org/software/S1197) is exclusively linked to [Kimsuky](https://attack.mitre.org/groups/G0094) operations.(Citation: S2W Troll Stealer 2024)(Citation: Symantec Troll Stealer…
First seen 01/01/1970 · Last seen 16/11/5138 · -
DarkCloud usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
AlienVault Confidence 100 1 CVE 22 MITREs 10 Malwares 29 IOCs 28 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 2 Malwares 104 IOCs 4 Observables 1 APT
-
AlienVault Confidence 100 23 MITREs 21 IOCs 7 Observables 1 APT
-
AlienVault Confidence 100 18 MITREs 1 Malware 4 IOCs 4 Observables
-
AlienVault Confidence 100 18 MITREs 2 Malwares 108 IOCs 103 Observables
-
AlienVault Confidence 100 18 MITREs 1 Malware 3 IOCs 3 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 7 Malwares 11 IOCs 3 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 3 Malwares 16 IOCs 10 Observables
-
AlienVault Confidence 100 20 MITREs 6 Malwares 37 IOCs 28 Observables 1 APT
-
AlienVault Confidence 100 13 CVEs 22 MITREs 6 Malwares 5 IOCs 4 Observables
-
AlienVault Confidence 100 19 MITREs 3 Malwares 12 IOCs 9 Observables
-
AlienVault Confidence 100 20 MITREs 6 Malwares 8 IOCs 5 Observables
Vulnerabilities (CVE) (79)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …
- Attack vector
- LOCAL
- Published
- 09/01/2025
- Modified
- 21/12/2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
- Attack vector
- NETWORK
- Published
- 11/03/2021
- Modified
- 24/06/2026
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …
- Attack vector
- LOCAL
- Complexity
- Low
- Published
- 29/11/2024
- Modified
- 08/04/2026
Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console …
- Attack vector
- Network
- Published
- 24/08/2023
- Modified
- 21/12/2025
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP …
- Attack vector
- Network
- Published
- 09/02/2024
- Modified
- 21/12/2025
Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow …
- Attack vector
- Network
- Published
- 22/07/2025
- Modified
- 21/12/2025
Unspecified vulnerability allows for an authenticated user to escalate privileges.
- Published
- 17/11/2021
- Modified
- 21/12/2025
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.
- Attack vector
- Local
- Published
- 12/09/2023
- Modified
- 21/12/2025
The GameDriverX64.sys kernel-mode anti-cheat driver (v7.23.4.7 and earlier) contains an access control vulnerability in one of its IOCTL handlers. A user-mode process …
- Attack vector
- LOCAL
- Published
- 28/10/2025
- Modified
- 30/01/2026
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 12/12/2017
- Modified
- 22/04/2026
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative …
- Attack vector
- Network
- Published
- 11/10/2022
- Modified
- 14/01/2026
Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.
- Attack vector
- Network
- Published
- 30/09/2022
- Modified
- 20/12/2025