T1574.002: T1574.002
Essential information
- MITRE technique ID
T1574.002- Confidence
- 100/100
- Revoked
- No
- Published
- 20/12/2025 19:34
- Modified
- 27/05/2026 21:40
- Author / Source
- AlienVault
Description
No description.
Marking (TLP)
TLP:GREEN
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (57)
-
CL-STA-1020 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Chinese APTs relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Chinese-nexus threat actor relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April…
First seen 01/01/1970 · Last seen 16/11/5138 · -
DPRK relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Daggerfly](https://attack.mitre.org/groups/G1034) is a People's Republic of China-linked APT entity active since at least 2012. [Daggerfly](https://attack.mitre.org/groups/G1034) has targeted individuals, government and NGO entities, and telecommunication companies in Asia and…
First seen 01/01/1970 · Last seen 16/11/5138 · -
DoNex relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Dolphin Loader relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DragonBreath relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DragonForce relatedRansomware.Live Confidence 100
No description available
First seen 01/01/1970 · Last seen 16/11/5138 · -
Dust Specter relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Earth Alux relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (83)
-
Trojan:Win32/Amadey usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CompactGopher usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Adaptix usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TWINTALK usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SNAPPYBEE usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Pillager usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Dcsync usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
wAgent usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Nuso usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TONEINS usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GhoLoader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Meduza usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
AlienVault Confidence 100 18 MITREs 1 Malware 4 IOCs 4 Observables
-
AlienVault Confidence 100 18 MITREs 2 Malwares 108 IOCs 103 Observables
-
AlienVault Confidence 100 18 MITREs 1 Malware 3 IOCs 3 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 7 Malwares 11 IOCs 3 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 3 Malwares 16 IOCs 10 Observables
-
AlienVault Confidence 100 20 MITREs 6 Malwares 37 IOCs 28 Observables 1 APT
-
AlienVault Confidence 100 13 CVEs 22 MITREs 6 Malwares 5 IOCs 4 Observables
-
AlienVault Confidence 100 19 MITREs 3 Malwares 12 IOCs 9 Observables
-
AlienVault Confidence 100 20 MITREs 6 Malwares 8 IOCs 5 Observables
-
New APT-Q-27 sample spotted relatedAlienVault Confidence 100 8 MITREs 2 IOCs 2 Observables 1 APT
-
AlienVault Confidence 100 3 CVEs 18 MITREs 2 Malwares 26 IOCs 26 Observables 1 APT
-
AlienVault Confidence 100 14 MITREs 1 Malware 4 IOCs 4 Observables
Vulnerabilities (CVE) (79)
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
- Published
- 03/11/2021
- Modified
- 21/12/2025
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 …
- Attack vector
- Adjacent
- Published
- 30/09/2022
- Modified
- 20/12/2025
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma …
- Attack vector
- NETWORK
- Published
- 29/03/2024
- Modified
- 21/12/2025
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …
- Attack vector
- LOCAL
- Complexity
- High
- Published
- 04/07/2024
- Modified
- 08/04/2026
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this …
- Attack vector
- Physical
- Complexity
- Low
- Published
- 20/05/2026
- Modified
- 04/06/2026
Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being …
- Attack vector
- Network
- Published
- 27/03/2025
- Modified
- 21/12/2025
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker …
- Attack vector
- Network
- Published
- 13/02/2026
- Modified
- 20/02/2026