T1585.002: Email Accounts
Essential information
- MITRE technique ID
- T1585.002
- Confidence
- 100/100
- Revoked
- No
- Published
- 01/10/2020 03:09
- Modified
- 27/03/2026 01:10
- Author / Source
- The MITRE Corporation
Aliases
T1585.002
Platforms
PRE
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | resource-development |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (31)
-
The MITRE Corporation Confidence 100
[Indrik Spider](https://attack.mitre.org/groups/G0119) is a Russia-based cybercriminal group that has been active since at least 2014. [Indrik Spider](https://attack.mitre.org/groups/G0119) initially started with the [Dridex](https://attack.mitre.org/software/S0384) banking Trojan, and then by 2017…
First seen 01/01/1970 · Last seen 16/11/5138
-
The MITRE Corporation Confidence 100
[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at…
First seen 01/01/1970 · Last seen 16/11/5138
-
The MITRE Corporation Confidence 100
[Star Blizzard](https://attack.mitre.org/groups/G1033) is a cyber espionage and influence group originating in Russia that has been active since at least 2019. [Star Blizzard](https://attack.mitre.org/groups/G1033) campaigns align closely with Russian state…
First seen 01/01/1970 · Last seen 16/11/5138
-
The MITRE Corporation Confidence 100
[Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European,…
First seen 01/01/1970 · Last seen 16/11/5138
-
The MITRE Corporation Confidence 100
[Wizard Spider](https://attack.mitre.org/groups/G0102) is a Russia-based financially motivated threat group originally known for the creation and deployment of [TrickBot](https://attack.mitre.org/software/S0266) since at least 2016. [Wizard Spider](https://attack.mitre.org/groups/G0102) possesses a diverse arsenal…
First seen 01/01/1970 · Last seen 16/11/5138
-
The MITRE Corporation Confidence 100
[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138
-
Proton66 uses
AlienVault Confidence 100
First seen 01/01/1970 · Last seen 16/11/5138
-
The MITRE Corporation Confidence 100
[Silent Librarian](https://attack.mitre.org/groups/G0122) is a group that has targeted research and proprietary data at universities, government agencies, and private sector companies worldwide since at least 2013. Members of [Silent…
First seen 01/01/1970 · Last seen 16/11/5138
-
Telekopye uses
AlienVault Confidence 100
First seen 01/01/1970 · Last seen 16/11/5138
-
The MITRE Corporation Confidence 100
[Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter…
First seen 01/01/1970 · Last seen 16/11/5138
-
UNC6032 uses
AlienVault Confidence 100
First seen 01/01/1970 · Last seen 16/11/5138
-
North Korea uses
AlienVault Confidence 100
First seen 01/01/1970 · Last seen 16/11/5138
Malware (42)
-
DCHSpy uses · Family
-
NetBird uses · Family
-
NanHaiShu - S0228 uses
-
Keitaro uses · Family
-
Family
-
Noodlophile Stealer uses · Family
-
AlienVault Confidence 100
First seen 01/01/1970 · Last seen 16/11/5138
-
CurlBack RAT uses · Family
-
InvisibleFerret uses · Family
-
RustDoor uses · Family
-
YTStealer uses · Family
-
DarkCloud uses · Family
Reports (13)
-
Threat landscape — Belgium related · Confidence 100 · 18 CVEs · 200 MITREs · 200 Malwares · 20 APTs · 26 Tools
-
7 MITREs 200 Observables
-
SecuritySnack: 18+E-Crime related · 5 MITREs · 140 Observables
-
6 MITREs 5 Malwares 1 Observable 1 APT
-
9 MITREs 87 Observables
-
1 CVE 4 MITREs 43 Observables 1 APT
-
4 MITREs 93 Observables 1 APT
-
9 MITREs 3 Malwares 28 Observables 1 APT
-
19 MITREs
-
14 MITREs 5 Malwares 4 Observables 1 APT
-
8 MITREs 69 Observables 1 APT
-
9 MITREs 1 Malware 1 APT
Vulnerabilities (CVE) (4)
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially …
- Attack vector
- NETWORK
- Published
- 22/08/2025
- Modified
- 21/12/2025
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system …
- Attack vector
- Network
- Published
- 12/06/2024
- Modified
- 21/12/2025
Campaign (8)
-
Salesforce Data Exfiltration uses
-
Operation Wocao uses
-
Operation Dream Job uses
-
Operation Honeybee uses
-
Operation Dust Storm uses
-
Operation AkaiRyū uses
-
FunnyDream uses
-
SharePoint ToolShell Exploitation uses
Course Of Action (1)
-
Pre-compromise mitigates