T1574.002: T1574.002
Essential information
- MITRE technique ID
T1574.002- Confidence
- 100/100
- Revoked
- No
- Published
- 20/12/2025 19:34
- Modified
- 27/05/2026 21:40
- Author / Source
- AlienVault
Description
No description.
Marking (TLP)
TLP:GREEN
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (57)
-
Khmer Shadow relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Konni Group relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Librarian Ghouls relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Migo relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Mustard Tempest](https://attack.mitre.org/groups/G1020) is an initial access broker that has operated the [SocGholish](https://attack.mitre.org/software/S1124) distribution network since at least 2017. [Mustard Tempest](https://attack.mitre.org/groups/G1020) has partnered with [Indrik Spider](https://attack.mitre.org/groups/G0119) to provide access…
First seen 01/01/1970 · Last seen 16/11/5138 · -
NGC4020 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Naikon relatedThe MITRE Corporation Confidence 100
[Naikon](https://attack.mitre.org/groups/G0019) is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Nimbus Manticore relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (83)
-
Trojan:Win32/Amadey usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CompactGopher usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Adaptix usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TWINTALK usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SNAPPYBEE usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Pillager usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Dcsync usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
wAgent usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Nuso usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TONEINS usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GhoLoader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Meduza usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
15 MITREs 1 Malware 4 Observables
-
1 CVE 16 MITREs 5 Malwares 16 Observables 1 APT
-
AlienVault Confidence 100 18 MITREs 3 Malwares 8 IOCs 8 Observables 1 APT
-
AlienVault Confidence 100 1 CVE 18 MITREs 3 Malwares 27 IOCs 27 Observables
-
AlienVault Confidence 100 23 MITREs 8 Malwares 23 IOCs 23 Observables 1 APT
-
20 MITREs 4 Malwares 20 Observables
-
20 MITREs 1 Malware 1 APT
-
17 MITREs 3 Malwares 12 Observables
-
AlienVault Confidence 100 21 MITREs 2 Malwares 7 IOCs 7 Observables
-
20 MITREs 2 Malwares 14 Observables
-
20 MITREs 6 Malwares 10 Observables 1 APT
-
20 MITREs 2 Malwares 27 Observables 1 APT
Vulnerabilities (CVE) (79)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …
- Attack vector
- LOCAL
- Published
- 09/01/2025
- Modified
- 21/12/2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
- Attack vector
- NETWORK
- Published
- 11/03/2021
- Modified
- 24/06/2026
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …
- Attack vector
- LOCAL
- Complexity
- Low
- Published
- 29/11/2024
- Modified
- 08/04/2026
Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console …
- Attack vector
- Network
- Published
- 24/08/2023
- Modified
- 21/12/2025
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP …
- Attack vector
- Network
- Published
- 09/02/2024
- Modified
- 21/12/2025
Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow …
- Attack vector
- Network
- Published
- 22/07/2025
- Modified
- 21/12/2025
Unspecified vulnerability allows for an authenticated user to escalate privileges.
- Published
- 17/11/2021
- Modified
- 21/12/2025
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.
- Attack vector
- Local
- Published
- 12/09/2023
- Modified
- 21/12/2025
The GameDriverX64.sys kernel-mode anti-cheat driver (v7.23.4.7 and earlier) contains an access control vulnerability in one of its IOCTL handlers. A user-mode process …
- Attack vector
- LOCAL
- Published
- 28/10/2025
- Modified
- 30/01/2026
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 12/12/2017
- Modified
- 22/04/2026
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative …
- Attack vector
- Network
- Published
- 11/10/2022
- Modified
- 14/01/2026
Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.
- Attack vector
- Network
- Published
- 30/09/2022
- Modified
- 20/12/2025