T1574.002: T1574.002
Essential information
- MITRE technique ID
T1574.002- Confidence
- 100/100
- Revoked
- No
- Published
- 20/12/2025 19:34
- Modified
- 27/05/2026 21:40
- Author / Source
- AlienVault
Description
No description.
Marking (TLP)
TLP:GREEN
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (57)
-
Khmer Shadow relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Konni Group relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Librarian Ghouls relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Migo relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Mustard Tempest](https://attack.mitre.org/groups/G1020) is an initial access broker that has operated the [SocGholish](https://attack.mitre.org/software/S1124) distribution network since at least 2017. [Mustard Tempest](https://attack.mitre.org/groups/G1020) has partnered with [Indrik Spider](https://attack.mitre.org/groups/G0119) to provide access…
First seen 01/01/1970 · Last seen 16/11/5138 · -
NGC4020 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Naikon relatedThe MITRE Corporation Confidence 100
[Naikon](https://attack.mitre.org/groups/G0019) is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Nimbus Manticore relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (83)
-
Trojan:Win32/Amadey usesFamily
-
CompactGopher usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Adaptix usesFamily
-
TWINTALK usesFamily
-
SNAPPYBEE usesFamily
-
Pillager usesFamily
-
Dcsync usesFamily
-
wAgent usesFamily
-
Nuso usesFamily
-
TONEINS uses
-
Gholoader usesFamily
-
Meduza usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
AlienVault Confidence 100 18 MITREs 1 Malware 3 IOCs 3 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 7 Malwares 11 IOCs 3 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 3 Malwares 16 IOCs 10 Observables
-
AlienVault Confidence 100 20 MITREs 6 Malwares 37 IOCs 28 Observables 1 APT
-
AlienVault Confidence 100 13 CVEs 22 MITREs 6 Malwares 5 IOCs 4 Observables
-
AlienVault Confidence 100 19 MITREs 3 Malwares 12 IOCs 9 Observables
-
AlienVault Confidence 100 20 MITREs 6 Malwares 8 IOCs 5 Observables
-
New APT-Q-27 sample spotted relatedAlienVault Confidence 100 8 MITREs 2 IOCs 2 Observables 1 APT
-
AlienVault Confidence 100 3 CVEs 18 MITREs 2 Malwares 26 IOCs 26 Observables 1 APT
-
AlienVault Confidence 100 14 MITREs 1 Malware 4 IOCs 4 Observables
-
15 MITREs 1 Malware 4 Observables
-
1 CVE 16 MITREs 5 Malwares 16 Observables 1 APT
Vulnerabilities (CVE) (79)
Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel …
- Published
- 03/11/2021
- Modified
- 29/05/2026
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.
- Published
- 03/11/2021
- Modified
- 29/05/2026
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …
- Attack vector
- Network
- Published
- 12/04/2024
- Modified
- 21/12/2025
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This …
- Attack vector
- Network
- Published
- 07/02/2025
- Modified
- 21/12/2025
VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote …
- Attack vector
- Network
- Published
- 22/01/2024
- Modified
- 21/12/2025
Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.
- Attack vector
- Network
- Published
- 19/07/2023
- Modified
- 27/05/2026
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
- Attack vector
- Local
- Complexity
- Low
- Published
- 15/11/2017
- Modified
- 29/05/2026
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing …
- Attack vector
- NETWORK
- Published
- 21/07/2025
- Modified
- 21/12/2025
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily …
- Attack vector
- LOCAL
- Published
- 17/04/2024
- Modified
- 21/12/2025
Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 07/06/2016
- Modified
- 24/06/2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- Attack vector
- LOCAL
- Published
- 13/08/2024
- Modified
- 21/12/2025
Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to …
- Attack vector
- Network
- Published
- 05/10/2023
- Modified
- 21/12/2025