T1588.001: T1588.001

Search IOCs, vulnerabilities, APT…

216.73.217.22

← Back to attack patterns

View on MITRE ATT&CK The MITRE Corporation · Published 16/12/2025 19:38 · Modified 27/03/2026 01:10

Essential information

MITRE technique ID: T1588.001
Confidence: 100/100
Revoked: No
Published: 16/12/2025 19:38
Modified: 27/03/2026 01:10
Author / Source: The MITRE Corporation

Aliases

Malware

Platforms

PRE

Description

Adversaries may buy, steal, or download malware that can be used during targeting. Malicious software can include payloads, droppers, post-compromise tools, backdoors, packers, and C2 protocols. Adversaries may acquire malware to support their operations, obtaining a means for maintaining control of remote machines, evading defenses, and executing post-compromise behaviors. In addition to downloading free malware from the internet, adversaries may purchase these capabilities from third-party entities. Third-party entities can include technology companies that specialize in malware development, criminal marketplaces (including Malware-as-a-Service, or MaaS), or from individuals. In addition to purchasing malware, adversaries may steal and repurpose malware from third-party entities (including other adversaries).

Kill chain phases

Kill chain	Phase
mitre-attack	resource-development

Marking (TLP)

External references

mitre-attack (T1588.001)
FireEyeSupplyChain

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (63)

Void Manticore uses COBALT MYSTIQUEHandala Hack

AlienVault Confidence 100

[VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a threat group assessed to operate on behalf of Iran’s Ministry of Intelligence and Security (MOIS).(Citation: Check Point VOID MANTICORE Handala Hack March 2026) Active …

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 04:51 · Modified 04/05/2026 16:33
Coquettte uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 12:41 · Modified 21/12/2025 12:41
MimiStick uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 07:27 · Modified 21/12/2025 07:27
Sea Turtle uses Teal KurmaCosmic Wolf

The MITRE Corporation Confidence 100

[Sea Turtle](https://attack.mitre.org/groups/G1041) is a Türkiye-linked threat actor active since at least 2017 performing espionage and service provider compromise operations against victims in Asia, Europe, and North America. [Sea …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
TA505 uses Hive0065Spandex Tempest

The MITRE Corporation Confidence 100

[TA505](https://attack.mitre.org/groups/G0092) is a cyber criminal group that has been active since at least 2014. [TA505](https://attack.mitre.org/groups/G0092) is known for frequently changing malware, driving global trends in criminal malware distribution, …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
APT-C-36 uses Blind Eagle

The MITRE Corporation Confidence 100

[APT-C-36](https://attack.mitre.org/groups/G0099) is a suspected South America espionage group that has been active since at least 2018. The group mainly targets Colombian government institutions as well as important corporations …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
UAC-0057 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 15:45 · Modified 21/12/2025 15:45
APT37 uses InkySquidGroup123

The MITRE Corporation Confidence 100

[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
SideCopy uses

The MITRE Corporation Confidence 100

[SideCopy](https://attack.mitre.org/groups/G1008) is a Pakistani threat group that has primarily targeted South Asian countries, including Indian and Afghani government personnel, since at least 2019. [SideCopy](https://attack.mitre.org/groups/G1008)'s name comes from its …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
Earth Lusca uses TAG-22Charcoal Typhoon

The MITRE Corporation Confidence 100

[Earth Lusca](https://attack.mitre.org/groups/G1006) is a suspected China-based cyber espionage group that has been active since at least April 2019. [Earth Lusca](https://attack.mitre.org/groups/G1006) has targeted organizations in Australia, China, Hong Kong, …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
ransomhouse uses

Ransomware.Live Confidence 100

No description available

First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 08:55 · Modified 21/12/2025 02:58
Mirai uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 12:57 · Modified 21/12/2025 12:57
MuddyWater uses Earth VetalaStatic Kitten

The MITRE Corporation Confidence 100

[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
APT1 uses Comment CrewComment Group

The MITRE Corporation Confidence 100

[APT1](https://attack.mitre.org/groups/G0006) is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, commonly known …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
Ailurophile Stealer threat actor uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 06:57 · Modified 21/12/2025 06:57
UNC3886 uses

The MITRE Corporation Confidence 100

[UNC3886](https://attack.mitre.org/groups/G1048) is a China-nexus cyberespionage group that has been active since at least 2022, targeting defense, technology, and telecommunication organizations located in the United States and the Asia-Pacific-Japan …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
Astaroth uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 02:52 · Modified 21/12/2025 02:52
SideCopy, Transparent Tribe (APT36) uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 13:07 · Modified 21/12/2025 13:07
KONNI uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 01:41 · Modified 22/01/2026 21:32
Lazarus uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 21:17 · Modified 29/05/2026 12:20
LAPSUS$ uses DEV-0537Strawberry Tempest

The MITRE Corporation Confidence 100

[LAPSUS$](https://attack.mitre.org/groups/G1004) is cyber criminal threat group that has been active since at least mid-2021. [LAPSUS$](https://attack.mitre.org/groups/G1004) specializes in large-scale social engineering and extortion operations, including destructive attacks without the …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
Prometei uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:03 · Modified 21/12/2025 08:03
BackdoorDiplomacy uses

The MITRE Corporation Confidence 100

[BackdoorDiplomacy](https://attack.mitre.org/groups/G0135) is a cyber espionage threat group that has been active since at least 2017. [BackdoorDiplomacy](https://attack.mitre.org/groups/G0135) has targeted Ministries of Foreign Affairs and telecommunication companies in Africa, Europe, …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
Earth Baxia uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 07:15 · Modified 21/12/2025 07:15
AMOS threat group uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 15:32 · Modified 21/12/2025 15:32
Mallox uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 04:47 · Modified 21/12/2025 04:47
Inception Framework uses Cloud AtlasInception

The MITRE Corporation Confidence 100

[Inception](https://attack.mitre.org/groups/G0100) is a cyber espionage group active since at least 2014. The group has targeted multiple industries and governmental entities primarily in Russia, but has also been active …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 25/05/2026 11:50
Slavic Nation Empire uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 07:56 · Modified 21/12/2025 07:56
APT 41 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 04:29 · Modified 21/12/2025 04:29
Metador uses

The MITRE Corporation Confidence 100

[Metador](https://attack.mitre.org/groups/G1013) is a suspected cyber espionage group that was first reported in September 2022. [Metador](https://attack.mitre.org/groups/G1013) has targeted a limited number of telecommunication companies, internet service providers, and universities …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
Starry Addax uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:39 · Modified 21/12/2025 03:39
NetMedved uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 19:02 · Modified 21/12/2025 19:02
BlindEagle uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 06:53 · Modified 27/05/2026 15:52
Void Blizzard uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 13:54 · Modified 21/12/2025 13:54
Silver Fox uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 00:22 · Modified 21/12/2025 00:22
Aquatic Panda uses

The MITRE Corporation Confidence 100

[Aquatic Panda](https://attack.mitre.org/groups/G0143) is a suspected China-based threat group with a dual mission of intelligence collection and industrial espionage. Active since at least May 2020, [Aquatic Panda](https://attack.mitre.org/groups/G0143) has primarily …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
Scattered Spider uses Roasted 0ktapusOcto Tempest

The MITRE Corporation Confidence 100

[Scattered Spider](https://attack.mitre.org/groups/G1015) is a native English-speaking cybercriminal group active since at least 2022. (Citation: CrowdStrike Scattered Spider Profile) (Citation: MSTIC Octo Tempest Operations October 2023) The group initially …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
TA829 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 14:36 · Modified 21/12/2025 14:36
GroozaV2 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 18:01 · Modified 29/05/2026 12:20
MUSTANG PANDA uses BRONZE PRESIDENTSTATELY TAURUS

The MITRE Corporation Confidence 100

[Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that has been conducting operations since at least 2012. [Mustang Panda](https://attack.mitre.org/groups/G0129) has been known to use tailored phishing lures …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 22/05/2026 04:12
TA2541 uses

The MITRE Corporation Confidence 100

[TA2541](https://attack.mitre.org/groups/G1018) is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. [TA2541](https://attack.mitre.org/groups/G1018) campaigns are typically high volume and …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
FlyingYeti uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 04:31 · Modified 21/12/2025 04:31
TeamPCP uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 20/03/2026 22:18 · Modified 20/03/2026 22:18
APT32 uses SeaLotusAPT-C-00

The MITRE Corporation Confidence 100

[APT32](https://attack.mitre.org/groups/G0050) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments, …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
FamousSparrow uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 13:05 · Modified 21/12/2025 13:05
LazyScripter uses

The MITRE Corporation Confidence 100

[LazyScripter](https://attack.mitre.org/groups/G0140) is threat group that has mainly targeted the airlines industry since at least 2018, primarily using open-source toolsets.(Citation: MalwareBytes LazyScripter Feb 2021)

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
Winnti uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 22:07 · Modified 20/12/2025 22:07
Ghostwriter uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 09:32 · Modified 21/12/2025 09:32
Lumma uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 13:01 · Modified 21/12/2025 13:01
Turla uses IRON HUNTERGroup 88

The MITRE Corporation Confidence 100

[Turla](https://attack.mitre.org/groups/G0010) is a cyber espionage threat group that has been attributed to Russia's Federal Security Service (FSB). They have compromised victims in over 50 countries since at least …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
Twelve uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 07:19 · Modified 21/12/2025 07:19
AISURU related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 17:49 · Modified 21/12/2025 17:49
APT36, SideCopy related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 06:08 · Modified 21/12/2025 06:08
Andariel related Silent ChollimaPLUTONIUM

The MITRE Corporation Confidence 100

[Andariel](https://attack.mitre.org/groups/G0138) is a North Korean state-sponsored threat group that has been active since at least 2009. [Andariel](https://attack.mitre.org/groups/G0138) has primarily focused its operations--which have included destructive attacks--against South Korean …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
Banana Squad related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 14:19 · Modified 21/12/2025 14:19
Candiru related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 21:25 · Modified 20/12/2025 21:25
Cavalry Werewolf related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 18:09 · Modified 21/12/2025 18:09
Contagious Interview related Gwisin GangTAG-121

The MITRE Corporation Confidence 100

[Contagious Interview](https://attack.mitre.org/groups/G1052) is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials. …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
DPRK (North Korea) related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:24 · Modified 21/12/2025 08:24
LuminousMoth related

The MITRE Corporation Confidence 100

[LuminousMoth](https://attack.mitre.org/groups/G1014) is a Chinese-speaking cyber espionage group that has been active since at least October 2020. [LuminousMoth](https://attack.mitre.org/groups/G1014) has targeted high-profile organizations, including government entities, in Myanmar, the Philippines, …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
RapperBot related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 16:58 · Modified 21/12/2025 16:58
Saint Bear related UNC2589Bleeding Bear

The MITRE Corporation Confidence 100

[Saint Bear](https://attack.mitre.org/groups/G1031) is a Russian-nexus threat actor active since early 2021, primarily targeting entities in Ukraine and Georgia. The group is notable for a specific remote access tool, …

First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
Sharp Dragon related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 04:57 · Modified 21/12/2025 04:57

Malware (109)

Mirai uses

Family

Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
Margulas RAT uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:55 · Modified 21/12/2025 13:07
Mythic uses

Family

Published 11/08/2025 14:56 · Modified 11/08/2025 14:56
Mallox uses

Family

Published 25/10/2024 20:49 · Modified 25/10/2024 20:49
MeltingClaw uses

Family

Published 01/07/2025 08:07 · Modified 01/07/2025 08:07
AMOS Stealer uses

Family

Published 11/05/2026 11:49 · Modified 11/05/2026 11:49
Aisuru uses

Family

Published 29/01/2026 03:42 · Modified 29/01/2026 03:42
Winnti
Cobalt Strike - S0154 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:39 · Modified 27/05/2026 21:40
PylangGhost uses

Family

Published 18/03/2026 10:49 · Modified 18/03/2026 10:49
Totbrick uses

Family

Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
Raccoon Stealer V2 uses

Family

Published 03/04/2025 17:18 · Modified 03/04/2025 17:18
Oyster uses

Family

Published 08/06/2026 19:36 · Modified 08/06/2026 19:36
Sliver uses

Family

Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
SingleCamper uses

Family

Published 01/07/2025 08:07 · Modified 01/07/2025 08:07
Vidar uses

Family

Published 16/06/2026 09:50 · Modified 16/06/2026 09:50
Syncro uses

Family

Published 23/02/2026 09:34 · Modified 23/02/2026 09:34
DcRAT uses

Family

Published 01/03/2026 05:26 · Modified 01/03/2026 05:26
Korplug uses

The MITRE Corporation Confidence 100

[PlugX](https://attack.mitre.org/software/S0013) is a remote access tool (RAT) with modular plugins that has been used by multiple threat groups.(Citation: Lastline PlugX Analysis)(Citation: FireEye Clandestine Fox Part 2)(Citation: New DragonOK)(Citation: …

First seen 01/01/1970 · Last seen 16/11/5138 Published 31/05/2017 23:32 · Modified 08/06/2026 10:23
Shamoon
Oblique RAT
ShadowPad - S0596 uses

Family

Published 30/04/2026 19:11 · Modified 30/04/2026 19:11
DocConnect uses

Family

Published 19/02/2026 11:10 · Modified 19/02/2026 11:10
Amadey - S1025 uses

Family

Published 29/09/2025 08:06 · Modified 29/09/2025 08:06
EAGLEDOOR uses

Family

Published 20/09/2024 11:22 · Modified 20/09/2024 11:22
RokRAT uses

Family

Published 05/02/2025 16:10 · Modified 05/02/2025 16:10
ShadyHammock uses

Family

Published 01/07/2025 08:07 · Modified 01/07/2025 08:07
DoppelPaymer uses

Family

Published 16/05/2025 16:33 · Modified 16/05/2025 16:33
Manuscrypt uses

Family

Published 30/01/2026 08:48 · Modified 30/01/2026 08:48
LOTUSLITE uses

Family

Published 22/04/2026 01:40 · Modified 22/04/2026 01:40
PrivateLoader uses

Family

Published 14/01/2025 15:22 · Modified 14/01/2025 15:22
BeaverTail uses

Family

Published 21/04/2026 12:09 · Modified 21/04/2026 12:09
Quasar RAT uses

Family

Published 15/05/2026 15:23 · Modified 15/05/2026 15:23
Grooza uses

Family

Published 01/10/2025 08:00 · Modified 01/10/2025 08:00
RIPCOY uses

Family

Published 20/09/2024 11:22 · Modified 20/09/2024 11:22
Trojan.Karagany
HemiGate uses

Family

Published 26/03/2025 20:15 · Modified 26/03/2025 20:15
Metasploit uses

Family

Published 03/02/2026 08:21 · Modified 03/02/2026 08:21
AlienReverse
SmartLoader uses

Family

Published 13/08/2025 15:43 · Modified 13/08/2025 15:43
UniShadowTrade uses

Family

Published 04/10/2024 10:27 · Modified 04/10/2024 10:27
WormGPT uses

Family

Published 20/12/2024 15:25 · Modified 20/12/2024 15:25
VSHELL uses

Family

Published 05/05/2026 14:07 · Modified 05/05/2026 14:07
Mario
LilithRAT uses

Family

Published 10/11/2025 11:14 · Modified 10/11/2025 11:14
RftRAT uses

Family

Published 18/03/2026 10:49 · Modified 18/03/2026 10:49
Lumma uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:50 · Modified 21/12/2025 16:13
Mélofée
Rugmi uses

Family

Published 04/04/2025 19:54 · Modified 04/04/2025 19:54
Candiru
Shamoon - S0140 uses

Family

Published 04/03/2026 15:30 · Modified 04/03/2026 15:30
Contagious Trader uses

Family

Published 18/03/2026 10:49 · Modified 18/03/2026 10:49
Penguish uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 07:17 · Modified 21/12/2025 13:21
Ares RAT uses

Family

Published 23/05/2025 09:59 · Modified 23/05/2025 09:59
Atera uses

Family

Published 17/04/2026 23:18 · Modified 17/04/2026 23:18
DustyHammock uses

Family

Published 01/07/2025 08:07 · Modified 01/07/2025 08:07
PlugX - S0013 uses

Family

Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
RapperBot uses

Family

Published 03/09/2025 05:57 · Modified 03/09/2025 05:57
LummaC2 uses

Family

Published 16/01/2026 20:33 · Modified 16/01/2026 20:33
Hive uses

Family

Published 11/04/2025 09:39 · Modified 11/04/2025 09:39
ShadowV2 uses

Family

Published 27/11/2025 07:37 · Modified 27/11/2025 07:37
FoalShell uses

Family

Published 02/10/2025 09:42 · Modified 02/10/2025 09:42
SparrowDoor uses

Family

Published 26/03/2025 20:15 · Modified 26/03/2025 20:15
Remcos RAT uses

Family

Published 17/06/2026 18:20 · Modified 17/06/2026 18:20
StallionRAT uses

Family

Published 02/10/2025 09:42 · Modified 02/10/2025 09:42
Salty2FA uses

Family

Published 02/12/2025 21:13 · Modified 02/12/2025 21:13
Kryptina uses

Family

Published 24/09/2024 14:42 · Modified 24/09/2024 14:42
GoldPickaxe uses

Family

Published 20/02/2025 20:48 · Modified 20/02/2025 20:48
STARKVEIL uses

Family

Published 28/05/2025 17:57 · Modified 28/05/2025 17:57
LockBit Black uses

Family

Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
GRIMPULL uses

Family

Published 28/05/2025 17:57 · Modified 28/05/2025 17:57
MARSSTEALER uses

Family

Published 14/01/2025 15:22 · Modified 14/01/2025 15:22
Karkadann
Geta RAT uses

Family

Published 29/07/2024 10:59 · Modified 29/07/2024 10:59
RemcosRAT uses

Family

Published 22/04/2026 07:06 · Modified 22/04/2026 07:06
TrickBot - S0266 uses

Family

Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
Rhadamanthys uses

Family

Published 29/04/2026 02:24 · Modified 29/04/2026 02:24
Spark RAT uses

Family

Published 08/04/2025 19:06 · Modified 08/04/2025 19:06
SYS01 uses

Family

Published 04/11/2024 10:12 · Modified 04/11/2024 10:12
NetSupport RAT uses

Family

Published 22/05/2026 13:08 · Modified 22/05/2026 13:08
Guildma uses

Family

Published 19/05/2026 22:26 · Modified 19/05/2026 22:26
EndRAT uses

Family

Published 18/03/2026 10:49 · Modified 18/03/2026 10:49
SWORDLDR uses

Family

Published 20/09/2024 11:22 · Modified 20/09/2024 11:22
MrAgent
InvisibleFerrett uses

Family

Published 18/03/2026 10:49 · Modified 18/03/2026 10:49
PacketCrypt uses

Family

Published 20/02/2025 13:44 · Modified 20/02/2025 13:44
COOKBOX uses

Family

Published 31/05/2024 12:19 · Modified 31/05/2024 12:19
Poseidon uses

Family

Published 01/08/2025 12:31 · Modified 01/08/2025 12:31
QuasarRAT uses

Family

Published 25/02/2026 11:35 · Modified 25/02/2026 11:35
Lumma Stealer uses

Family

Published 08/06/2026 19:36 · Modified 08/06/2026 19:36
HelloBot
Caminho uses

Family

Published 17/12/2025 02:49 · Modified 17/12/2025 02:49
BigSquatRAT uses

Family

Published 18/03/2026 10:49 · Modified 18/03/2026 10:49
Auto-Color uses

Family

Published 21/05/2025 23:03 · Modified 21/05/2025 23:03
FROSTRIFT uses

Family

Published 28/05/2025 17:57 · Modified 28/05/2025 17:57
DISGOMOJI uses

Family

Published 29/07/2024 10:59 · Modified 29/07/2024 10:59
FlexStarling uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:39 · Modified 21/12/2025 03:39
GolangGhost uses

Family

Published 18/03/2026 10:49 · Modified 18/03/2026 10:49
AllaKore RAT uses

Family

Published 21/08/2025 16:16 · Modified 21/08/2025 16:16
AceCryptor
Rescoms uses

Family

Published 25/05/2025 17:47 · Modified 25/05/2025 17:47
Redline uses

Family

Published 08/05/2026 11:31 · Modified 08/05/2026 11:31
Ailurophile Stealer uses

Family

Published 09/09/2024 09:26 · Modified 09/09/2024 09:26
AIRASHI uses

Family

Published 25/09/2025 09:20 · Modified 25/09/2025 09:20
Chaos RAT uses

Family

Published 06/06/2025 11:02 · Modified 06/06/2025 11:02
Capra RAT
SlipScreen uses

Family

Published 01/07/2025 08:07 · Modified 01/07/2025 08:07
PowerShower - S0441 uses

Family

Published 22/05/2026 13:08 · Modified 22/05/2026 13:08
Broomstick uses

Family

Published 12/06/2026 21:29 · Modified 12/06/2026 21:29

Reports (50)

Defending the Digital Pitch: World Cup 2026 Cyber … related

AlienVault Confidence 100 20 MITREs 1 IOC 1 Observable

Published 11/06/2026 23:09 · Modified 15/06/2026 19:16 · threat-report
Affidavit in Support of Application for Criminal Complaint related

AlienVault Confidence 100 20 MITREs 7 IOCs 7 Observables 1 APT

Published 11/06/2026 23:09 · Modified 15/06/2026 19:16 · threat-report
Threat Actor Targets Arabian Gulf Region With PlugX related

17 MITREs 2 Malwares 13 Observables 1 APT

Published 13/04/2026 14:40 · Modified 13/04/2026 14:48
Malicious PyPI Package - LiteLLM Supply Chain Compromise related

8 MITREs 1 Observable 1 APT

Published 25/03/2026 10:38 · Modified 27/03/2026 00:08
Contagious Trader campaign - Coordinated weaponisation of cryptocurrency … related

20 MITREs 7 Malwares 5 Observables 1 APT

Published 18/03/2026 10:49 · Modified 18/03/2026 11:21
NuGet malware targets crypto wallets, OAuth tokens related

9 MITREs

Published 17/12/2025 21:22 · Modified 21/12/2025 19:35
BlindEagle Targets Colombian Government Agency with Caminho and … related

19 MITREs 2 Malwares 24 Observables 1 APT

Published 17/12/2025 02:49 · Modified 21/12/2025 19:33
Russian Ruse: ValleyRAT Hits China via Fake Microsoft … related

9 MITREs 1 Malware 37 Observables 1 APT

Published 10/12/2025 17:22 · Modified 21/12/2025 18:58
Sneeit WordPress RCE Exploited in the Wild While … related

4 CVEs 9 MITREs 2 Malwares 6 Observables

Published 09/12/2025 12:50 · Modified 21/12/2025 18:50
Salty2FA & Tycoon2FA: Hybrid Phishing Threat related

10 MITREs 2 Malwares 1 APT

Published 02/12/2025 21:13 · Modified 21/12/2025 18:19
The 'Bear' attacks: what we learned about the … related

18 MITREs 2 Malwares 38 Observables 1 APT

Published 26/11/2025 09:39 · Modified 21/12/2025 18:02
Mirai Botnet Propagation and Exploitation of CVE-2025-24016 related

1 CVE 13 MITREs 1 Malware 40 Observables

Published 23/10/2025 13:40 · Modified 23/10/2025 14:11
The Most Powerful Ever? Inside the 11.5Tbps-Scale Mega … related

9 CVEs 18 MITREs 2 Malwares 11 Observables 1 APT

Published 25/09/2025 09:20 · Modified 25/09/2025 14:48
An emerging DDoS for hire botnet related

12 MITREs 1 Malware

Published 25/09/2025 09:20 · Modified 25/09/2025 14:58
FileFix in the wild! New FileFix campaign goes … related

14 MITREs 1 Malware 17 Observables

Published 16/09/2025 14:29 · Modified 16/09/2025 14:42
Like PuTTY in Admin's Hands related

16 MITREs 2 Malwares

Published 27/08/2025 16:22 · Modified 27/08/2025 19:43
Pressure on Ukraine and Poland Continues related

14 MITREs 1 Malware 1 APT

Published 20/08/2025 17:38 · Modified 20/08/2025 21:20
Distribution of SmartLoader Malware via Github Repository Disguised … related

14 MITREs 4 Malwares 11 Observables

Published 13/08/2025 15:43 · Modified 13/08/2025 15:48
Fake Tesla Websites Scams related

4 MITREs

Published 10/08/2025 20:55 · Modified 11/08/2025 14:11
Ghost in the Zip | New PXA Stealer … related

14 MITREs 5 Observables

Published 04/08/2025 16:13 · Modified 04/08/2025 21:00
10 Things I Hate About Attribution: RomCom vs. … related

19 MITREs 9 Malwares 103 Observables 1 APT

Published 01/07/2025 08:07 · Modified 01/07/2025 08:36
Stealthy GitHub Malware Campaign Targets Devs related

8 MITREs 2 Observables 1 APT

Published 19/06/2025 22:30 · Modified 23/06/2025 23:01
Analysis of the latest Mirai wave exploiting TBK … related

5 MITREs 1 Malware 17 Observables 1 APT

Published 06/06/2025 12:45 · Modified 08/06/2025 17:09
From open-source to open threat: Tracking Chaos RAT’s … related

13 MITREs 1 Malware 23 Observables

Published 06/06/2025 11:02 · Modified 08/06/2025 17:04
Brand impersonation, online ads, and malicious merchants help … related

8 MITREs 71 Observables

Published 20/05/2025 21:16 · Modified 21/05/2025 22:05
The Good, the Bad and the Ugly in … related

1 CVE 14 MITREs 1 Malware 1 Observable 1 APT

Published 16/05/2025 16:33 · Modified 21/05/2025 20:49
Modern Incident Response: Tackling Malicious ML Artifacts related

10 MITREs 6 Malwares 2 Observables

Published 14/05/2025 13:56 · Modified 21/05/2025 19:59
Uncovering Actor TTP Patterns and the Role of … related

9 MITREs 87 Observables

Published 06/05/2025 15:50 · Modified 06/05/2025 20:16
Steganography Analysis With pngdump.py related

4 MITREs

Published 26/04/2025 09:40 · Modified 28/04/2025 08:51
Ransomware Initial Access Brokers Exposed related

13 MITREs 2 Malwares

Published 11/04/2025 09:39 · Modified 11/04/2025 16:14
Where to Find Aspiring Hackers related

11 MITREs 7 Malwares 1 APT

Published 04/04/2025 19:54 · Modified 07/04/2025 08:04
Amateur Hacker Leverages Bulletproof Hosting Server to Spread … related

13 MITREs 6 Malwares 6 Observables 1 APT

Published 03/04/2025 17:18 · Modified 03/04/2025 18:31
You will always remember this as the day … related

21 MITREs 3 Malwares 12 Observables 1 APT

Published 26/03/2025 20:15 · Modified 26/03/2025 20:51
Demystifying PKT and Monero Cryptocurrency deployed on MSSQL … related

18 MITREs 2 Malwares

Published 20/02/2025 13:44 · Modified 21/02/2025 15:29
Trimble Cityworks: CVE-2025-0994: Active Exploitation related

1 CVE 10 MITREs 2 Malwares 16 Observables

Published 20/02/2025 02:49 · Modified 20/02/2025 08:58
Analysis of malicious HWP cases of 'APT37' group … related

9 MITREs 1 Malware 1 APT

Published 05/02/2025 16:10 · Modified 05/02/2025 21:48
Hackers Hijack JFK File Release: Malware & Phishing … related

10 MITREs 3 Malwares 4 Observables

Published 03/02/2025 03:58 · Modified 03/02/2025 11:42
Tracking Adversaries: Ghostwriter APT Infrastructure related

1 CVE 7 MITREs 1 Malware 25 Observables 1 APT

Published 24/01/2025 13:30 · Modified 24/01/2025 14:24
How Cracks and Installers Bring Malware to Your … related

14 MITREs 10 Malwares

Published 14/01/2025 15:22 · Modified 15/01/2025 19:48
APT32 Poisoning GitHub, Targeting Chinese Cybersecurity Professionals and … related

17 MITREs 1 Malware 1 APT

Published 09/01/2025 08:56 · Modified 09/01/2025 09:38
PacketCrypt Classic Cryptocurrency Miner on PHP Servers related

9 MITREs 6 Observables

Published 07/01/2025 14:23 · Modified 07/01/2025 16:36
Now You See Me, Now You Don't: Using … related

7 MITREs 2 Malwares 5 Observables

Published 20/12/2024 15:25 · Modified 20/12/2024 16:41
Your Data Is Under New Management: The Rise … related

16 MITREs 1 Malware

Published 18/12/2024 18:13 · Modified 18/12/2024 19:37
Differential analysis raises red flags over @lottiefiles/lottie-player related

6 MITREs

Published 22/11/2024 04:49 · Modified 22/11/2024 09:24
Marketplace for stolen credit cards disrupted by feds related

8 MITREs 2 Observables

Published 22/11/2024 04:49 · Modified 22/11/2024 09:24
Zoom-In: A Closer Look into the Malware Artifacts, … related

3 CVEs 14 MITREs 2 Malwares 25 Observables

Published 19/11/2024 21:59 · Modified 20/11/2024 09:22
InfoStealer Malware Attacking Meta Business Page To Steal … related

16 MITREs 1 Malware 26 Observables

Published 04/11/2024 10:12 · Modified 04/11/2024 11:32
Tenacious Pungsan: A DPRK threat actor linked to … related

15 MITREs 2 Malwares 1 Observable 1 APT

Published 25/10/2024 13:53 · Modified 25/10/2024 15:52
Lazarus APT steals cryptocurrency and user data via … related

1 CVE 12 MITREs 1 Malware 2 Observables 1 APT

Published 23/10/2024 11:07 · Modified 23/10/2024 13:19
ClickFix tactic: The Phantom Meet related

9 MITREs 3 Malwares 171 Observables 1 APT

Published 18/10/2024 15:56 · Modified 18/10/2024 16:26

Vulnerabilities (CVE) (33)

CVE-2024-4947 KEV

9.6 Critical

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via …

Attack vector: Network
Published: 20/05/2024
Modified: 29/05/2026

Received

CVE-2023-50381

7.2 High

Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of …

Attack vector: NETWORK
Published: 08/07/2024
Modified: 21/12/2025

Awaiting Analysis

CVE-2025-2611

9.3 Critical

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie …

Published: 20/12/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2025-1610

6.3 Medium

A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this issue is the function websGetVar of …

Attack vector: NETWORK
Published: 24/02/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2013-3307

8.3 High

Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in …

Attack vector: NETWORK
Published: 11/07/2025
Modified: 21/12/2025

CVE-2025-27920 KEV

7.2 High

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, …

Attack vector: Network
Published: 19/05/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2024-42009 KEV

9.3 Critical

RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim …

Attack vector: Network
Published: 09/06/2025
Modified: 21/12/2025

Received

CVE-2023-43261

7.5 High

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

Attack vector: Network
Published: 04/10/2023
Modified: 29/05/2026

CVE-2013-1599

9.8 Critical

A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, …

Attack vector: NETWORK
Published: 28/01/2020
Modified: 21/12/2025

CVE-2023-38831 KEV

7.8 High

RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file …

Attack vector: Local
Published: 24/08/2023
Modified: 27/05/2026

CVE-2013-5948

Published: 20/12/2025
Modified: 21/12/2025

CVE-2025-24016 KEV

9.9 Critical

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to …

Attack vector: Network
Published: 10/06/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2024-3721

6.3 Medium

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing …

Attack vector: NETWORK
Published: 13/04/2024
Modified: 21/12/2025

CVE-2022-44149

8.8 High

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON …

Attack vector: NETWORK
Published: 06/01/2023
Modified: 21/12/2025

CVE-2022-30190 KEV

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An …

Published: 14/06/2022
Modified: 27/05/2026

CVE-2023-33538 KEV

8.8 High

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be …

Attack vector: Network
Published: 16/06/2025
Modified: 21/12/2025

CVE-2021-22005 KEV

VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 …

Published: 03/11/2021
Modified: 21/12/2025

CVE-2021-30551 KEV

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted …

Published: 03/11/2021
Modified: 21/12/2025

CVE-2025-66516

10.0 Critical

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out …

Attack vector: Local
Published: 20/12/2025
Modified: 30/12/2025

Analyzed

CVE-2023-0669 KEV

7.2 High

Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled …

Attack vector: Network
Published: 10/02/2023
Modified: 21/12/2025

CVE-2024-0012 KEV

9.8 Critical

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to …

Attack vector: Network
Published: 18/11/2024
Modified: 21/12/2025

Undergoing Analysis

CVE-2025-0994 KEV

8.8 High

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This …

Attack vector: Network
Published: 07/02/2025
Modified: 21/12/2025

Analyzed

CVE-2023-50358

CVE-2021-33742 KEV

Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.

Published: 03/11/2021
Modified: 21/12/2025

CVE-2021-21972 KEV

VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network …

Published: 03/11/2021
Modified: 21/12/2025

CVE-2025-6389

9.8 Critical

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the …

Attack vector: NETWORK
Published: 25/11/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2023-28771 KEV

9.8 Critical

Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute …

Attack vector: Network
Published: 31/05/2023
Modified: 21/12/2025

CVE-2024-36401 KEV

9.8 Critical

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath …

Attack vector: Network
Published: 15/07/2024
Modified: 21/12/2025

CVE-2024-21338 KEV

7.8 High

Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys …

Attack vector: Local
Published: 04/03/2024
Modified: 21/12/2025

CVE-2017-5259

9.0 Critical

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path …

Published: 20/12/2017
Modified: 13/05/2026

CWE-489 CWE-319

CVE-2025-31324 KEV

10.0 Critical

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …

Attack vector: Network
Published: 29/04/2025
Modified: 21/12/2025

Received

CVE-2021-21166 KEV

Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Published: 03/11/2021
Modified: 21/12/2025

CVE-2022-35733

9.8 Critical

Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions …

Attack vector: NETWORK
Published: 23/08/2022
Modified: 21/12/2025

Attack patterns (MITRE) (1)

T1588 subtechnique-of

Obtain Capabilities

Campaign (4)

Operation Spalax uses
C0015 uses
FunnyDream uses
J-magic Campaign uses

Course Of Action (1)

Pre-compromise mitigates

Contact About Legal notice Privacy policy Terms of use