T1574.002: T1574.002

Search IOCs, vulnerabilities, APT…

216.73.216.6

← Back to attack patterns

View on MITRE ATT&CK AlienVault · Published 20/12/2025 19:34 · Modified 27/05/2026 21:40

Essential information

MITRE technique ID: T1574.002
Confidence: 100/100
Revoked: No
Published: 20/12/2025 19:34
Modified: 27/05/2026 21:40
Author / Source: AlienVault

Description

No description.

Marking (TLP)

TLP:GREEN

External references

mitre-attack (T1574.002)

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (58)

AsyncRAT uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Kimsuky uses Black BansheeVelvet Chollima

The MITRE Corporation Confidence 100

[Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Silver Fox uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Earth Estries uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Lazarus uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Snake Keylogger uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Contagious Interview uses Gwisin GangTAG-121

The MITRE Corporation Confidence 100

[Contagious Interview](https://attack.mitre.org/groups/G1052) is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials.…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Water Hydra uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
FamousSparrow uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
CL-UNK-1068 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
LockBit uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
UAT-10027 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 5

1–12 of 58

AgentTesla uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
SOUNDBITE - S0157 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Margulas RAT uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
LOTUSLITE uses

Family
TeamPCP Cloud stealer uses

Family
MoonWalk uses

Family
EvilProxy uses

Family
LockBit uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Capra RAT uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
DragonForce uses

Family
GrewApacha uses

Family
Xnote uses

Family

← Previous

Page / 7

37–48 of 82

New Backdoor May be Linked to Ransomware Access … related

AlienVault Confidence 100 20 MITREs 6 Malwares 37 IOCs 28 Observables 1 APT
StrikeShark: a new campaign involving a custom SharkLoader … related

AlienVault Confidence 100 13 CVEs 22 MITREs 6 Malwares 5 IOCs 4 Observables
An unknown actor distributes malicious VBS scripts via … related

AlienVault Confidence 100 19 MITREs 3 Malwares 12 IOCs 9 Observables
May 2026 Infostealer Trend Report related

AlienVault Confidence 100 20 MITREs 6 Malwares 8 IOCs 5 Observables
New APT-Q-27 sample spotted related

AlienVault Confidence 100 8 MITREs 2 IOCs 2 Observables 1 APT
Attackers Weaponize Microsoft Teams Relays to Stay Hidden related

AlienVault Confidence 100 3 CVEs 18 MITREs 2 Malwares 26 IOCs 26 Observables 1 APT
Investigation of email-based attack delivering MediaFire ZIP file … related

AlienVault Confidence 100 14 MITREs 1 Malware 4 IOCs 4 Observables
Inside OnyxC2: The New Stealer Targeting 210 Apps related

15 MITREs 1 Malware 4 Observables
From external espionage to domestic targeting related

1 CVE 16 MITREs 5 Malwares 16 Observables 1 APT
Targeted espionage against Cambodian government entities related

AlienVault Confidence 100 18 MITREs 3 Malwares 8 IOCs 8 Observables 1 APT
The Demon Arrives Later: A Havoc Stager Hides … related

AlienVault Confidence 100 1 CVE 18 MITREs 3 Malwares 27 IOCs 27 Observables
TA4922: The Suspected Chinese Crime Group is Going … related

AlienVault Confidence 100 23 MITREs 8 Malwares 23 IOCs 23 Observables 1 APT

← Previous

Page / 5

1–12 of 50

Vulnerabilities (CVE) (79)

CVE-2022-26134 KEV targets

Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code …

Published: 02/06/2022
Modified: 27/05/2026

CVE-2024-36401 KEV targets

9.8 Critical

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath …

Attack vector: Network
Published: 15/07/2024
Modified: 21/12/2025

CVE-2025-1055 targets

5.6 Medium

A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL …

Attack vector: LOCAL
Published: 11/06/2025
Modified: 16/06/2026

Awaiting Analysis

CVE-2025-31324 KEV targets

10.0 Critical

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …

Attack vector: Network
Published: 29/04/2025
Modified: 21/12/2025

Received

CVE-2022-30190 KEV targets

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An …

Published: 14/06/2022
Modified: 27/05/2026

CVE-2021-4034 KEV targets

The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.

Published: 27/06/2022
Modified: 20/12/2025

CVE-2025-8088 KEV targets

8.8 High

RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary …

Attack vector: Network
Published: 12/08/2025
Modified: 27/05/2026

CVE-2025-32463 KEV targets

9.3 Critical

Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow local attacker to leverage sudo’s -R (--chroot) …

Attack vector: Local
Published: 29/09/2025
Modified: 27/05/2026

Received

CVE-2023-39143 targets

9.8 Critical

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This …

Attack vector: NETWORK
Published: 04/08/2023
Modified: 08/05/2026

CVE-2024-6473 targets

7.8 High

Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.

Attack vector: LOCAL
Published: 03/09/2024
Modified: 21/12/2025

Analyzed

CVE-2022-38028 KEV targets

7.8 High

Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with …

Attack vector: Local
Published: 23/04/2024
Modified: 21/12/2025

CVE-2021-44228 KEV targets

10.0 Critical

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Attack vector: Network
Published: 10/12/2021
Modified: 27/05/2026

← Previous

Page / 7

13–24 of 79

Contact About Legal notice Privacy policy Terms of use