T1574.002: T1574.002
Essential information
- MITRE technique ID
T1574.002- Confidence
- 100/100
- Revoked
- No
- Published
- 20/12/2025 19:34
- Modified
- 27/05/2026 21:40
- Author / Source
- AlienVault
Description
No description.
Marking (TLP)
TLP:GREEN
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (57)
-
CL-STA-1020 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Chinese APTs relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Chinese-nexus threat actor relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April…
First seen 01/01/1970 · Last seen 16/11/5138 · -
DPRK relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Daggerfly](https://attack.mitre.org/groups/G1034) is a People's Republic of China-linked APT entity active since at least 2012. [Daggerfly](https://attack.mitre.org/groups/G1034) has targeted individuals, government and NGO entities, and telecommunication companies in Asia and…
First seen 01/01/1970 · Last seen 16/11/5138 · -
DoNex relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Dolphin Loader relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DragonBreath relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DragonForce relatedRansomware.Live Confidence 100
No description available
First seen 01/01/1970 · Last seen 16/11/5138 · -
Dust Specter relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Earth Alux relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (83)
-
Trojan:Win32/Amadey usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CompactGopher usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Adaptix usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TWINTALK usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SNAPPYBEE usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Pillager usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Dcsync usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
wAgent usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Nuso usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TONEINS usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GhoLoader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Meduza usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
15 MITREs 1 Malware 4 Observables
-
1 CVE 16 MITREs 5 Malwares 16 Observables 1 APT
-
AlienVault Confidence 100 18 MITREs 3 Malwares 8 IOCs 8 Observables 1 APT
-
AlienVault Confidence 100 1 CVE 18 MITREs 3 Malwares 27 IOCs 27 Observables
-
AlienVault Confidence 100 23 MITREs 8 Malwares 23 IOCs 23 Observables 1 APT
-
20 MITREs 4 Malwares 20 Observables
-
20 MITREs 1 Malware 1 APT
-
17 MITREs 3 Malwares 12 Observables
-
AlienVault Confidence 100 21 MITREs 2 Malwares 7 IOCs 7 Observables
-
20 MITREs 2 Malwares 14 Observables
-
20 MITREs 6 Malwares 10 Observables 1 APT
-
20 MITREs 2 Malwares 27 Observables 1 APT
Vulnerabilities (CVE) (79)
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 25/02/2026
- Modified
- 18/06/2026
Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker …
- Attack vector
- Network
- Published
- 16/10/2023
- Modified
- 21/12/2025
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …
- Attack vector
- Network
- Published
- 08/01/2025
- Modified
- 21/12/2025
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after …
- Attack vector
- Network
- Published
- 12/11/2025
- Modified
- 21/12/2025
Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 15/09/2017
- Modified
- 22/04/2026
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
- Published
- 03/11/2021
- Modified
- 20/12/2025
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.
- Published
- 10/01/2022
- Modified
- 20/12/2025
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to …
- Attack vector
- NETWORK
- Published
- 08/10/2019
- Modified
- 21/12/2025
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML …
- Attack vector
- Network
- Published
- 02/07/2025
- Modified
- 21/12/2025
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
- Published
- 03/11/2021
- Modified
- 20/12/2025
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could …
- Attack vector
- Network
- Published
- 22/07/2025
- Modified
- 21/12/2025