T1588.002: T1588.002
Essential information
- MITRE technique ID
T1588.002- Confidence
- 100/100
- Revoked
- No
- Published
- 01/10/2020 04:08
- Modified
- 27/03/2026 01:11
- Author / Source
- The MITRE Corporation
Aliases
Tool
Platforms
PRE
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | resource-development |
Marking (TLP)
TLP:GREEN Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (70)
-
The MITRE Corporation Confidence 100
[APT19](https://attack.mitre.org/groups/G0073) is a Chinese-based threat group that has targeted a variety of industries, including defense, finance, energy, pharmaceutical, telecommunications, high tech, education, manufacturing, and legal services. In 2017,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT32](https://attack.mitre.org/groups/G0050) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
APT36, SideCopy relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed…
First seen 01/01/1970 · Last seen 16/11/5138 · -
APT42 relatedThe MITRE Corporation Confidence 100
[APT42](https://attack.mitre.org/groups/G1044) is an Iranian-sponsored threat group that conducts cyber espionage and surveillance.(Citation: Mandiant APT42-charms) The group primarily focuses on targets in the Middle East region, but has targeted…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Aoqin Dragon relatedThe MITRE Corporation Confidence 100
[Aoqin Dragon](https://attack.mitre.org/groups/G1007) is a suspected Chinese cyber espionage threat group that has been active since at least 2013. [Aoqin Dragon](https://attack.mitre.org/groups/G1007) has primarily targeted government, education, and telecommunication organizations…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Aquatic Panda relatedThe MITRE Corporation Confidence 100
[Aquatic Panda](https://attack.mitre.org/groups/G0143) is a suspected China-based threat group with a dual mission of intelligence collection and industrial espionage. Active since at least May 2020, [Aquatic Panda](https://attack.mitre.org/groups/G0143) has primarily…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Astaroth relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[BRONZE BUTLER](https://attack.mitre.org/groups/G0060) is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group primarily targets Japanese organizations, particularly those in…
First seen 01/01/1970 · Last seen 16/11/5138 · -
BackdoorDiplomacy relatedThe MITRE Corporation Confidence 100
[BackdoorDiplomacy](https://attack.mitre.org/groups/G0135) is a cyber espionage threat group that has been active since at least 2017. [BackdoorDiplomacy](https://attack.mitre.org/groups/G0135) has targeted Ministries of Foreign Affairs and telecommunication companies in Africa, Europe,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[BlackTech](https://attack.mitre.org/groups/G0098) is a suspected Chinese cyber espionage group that has primarily targeted organizations in East Asia--particularly Taiwan, Japan, and Hong Kong--and the US since at least 2013. [BlackTech](https://attack.mitre.org/groups/G0098)…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (57)
-
Vulmap usesFamily
-
Capra RAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Rhadamanthys usesFamily
-
GITSHELLPAD usesFamily
-
Poseidon usesFamily
-
POOLRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
StealC usesFamily
-
mimelib2 usesFamily
-
rtk-logger usesFamily
Reports (50)
-
AlienVault Confidence 100 20 MITREs 7 IOCs 7 Observables 1 APT
-
Threat landscape — Belgium relatedConfidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
-
Threat landscape — insurance relatedConfidence 100 199 MITREs 11 APTs
-
10 MITREs
-
AlienVault Confidence 100 14 MITREs 2 Malwares 21 IOCs 21 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 1 Malware 13 IOCs 13 Observables
-
3 CVEs 22 MITREs 5 Malwares 16 Observables 1 APT
-
AlienVault Confidence 100 16 MITREs 3 IOCs 3 Observables 1 APT
-
20 MITREs 2 Malwares 15 Observables 1 APT
-
20 MITREs 3 Malwares 7 Observables 1 APT
-
20 MITREs 7 Malwares 5 Observables 1 APT
-
12 CVEs 16 MITREs 2 Malwares 29 Observables 1 APT
Vulnerabilities (CVE) (81)
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, …
- Attack vector
- Network
- Published
- 19/05/2025
- Modified
- 21/12/2025
Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.
- Attack vector
- LOCAL
- Published
- 03/09/2024
- Modified
- 21/12/2025
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of …
- Attack vector
- NETWORK
- Published
- 08/07/2024
- Modified
- 21/12/2025
Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload …
- Attack vector
- Network
- Published
- 18/08/2025
- Modified
- 27/05/2026
Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in …
- Attack vector
- NETWORK
- Published
- 11/07/2025
- Modified
- 21/12/2025
Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code …
- Attack vector
- Network
- Published
- 14/07/2025
- Modified
- 16/03/2026
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …
- Attack vector
- Network
- Published
- 10/01/2024
- Modified
- 27/05/2026
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, …
- Attack vector
- NETWORK
- Published
- 28/01/2020
- Modified
- 21/12/2025
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to …
- Attack vector
- Network
- Published
- 18/11/2024
- Modified
- 21/12/2025
Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This …
- Attack vector
- Network
- Complexity
- Low
- Published
- 03/02/2007
- Modified
- 27/05/2026
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma …
- Attack vector
- NETWORK
- Published
- 29/03/2024
- Modified
- 21/12/2025
Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account …
- Attack vector
- Adjacent
- Published
- 25/08/2025
- Modified
- 27/05/2026
Campaign (10)
-
Night Dragon uses
-
C0017 uses
-
ShadowRay uses
-
C0015 uses
-
Operation Spalax uses
-
C0010 uses
-
Operation Wocao uses
-
Cutting Edge uses
-
Operation CuckooBees uses
-
Triton Safety Instrumented System Attack uses