T1588.006: T1588.006

Search IOCs, vulnerabilities, APT…

216.73.216.233

← Back to attack patterns

View on MITRE ATT&CK The MITRE Corporation · Published 15/10/2020 04:59 · Modified 30/03/2026 12:12

Essential information

MITRE technique ID: T1588.006
Confidence: 100/100
Revoked: No
Published: 15/10/2020 04:59
Modified: 30/03/2026 12:12
Author / Source: The MITRE Corporation

Aliases

Vulnerabilities

Platforms

PRE

Description

Adversaries may acquire information about vulnerabilities that can be used during targeting. A vulnerability is a weakness in computer hardware or software that can, potentially, be exploited by an adversary to cause unintended or unanticipated behavior to occur. Adversaries may find vulnerability information by searching open databases or gaining access to closed vulnerability databases.(Citation: National Vulnerability Database) An adversary may monitor vulnerability disclosures/databases to understand the state of existing, as well as newly discovered, vulnerabilities. There is usually a delay between when a vulnerability is discovered and when it is made public. An adversary may target the systems of those known to conduct vulnerability research (including commercial vendors). Knowledge of a vulnerability may cause an adversary to search for an existing exploit (i.e. [Exploits](https://attack.mitre.org/techniques/T1588/005)) or to attempt to develop one themselves (i.e. [Exploits](https://attack.mitre.org/techniques/T1587/004)).

Kill chain phases

Kill chain	Phase
mitre-attack	resource-development

Marking (TLP)

External references

mitre-attack (T1588.006)
National Vulnerability Database

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (8)

APT32 uses SeaLotusAPT-C-00

The MITRE Corporation Confidence 100

[APT32](https://attack.mitre.org/groups/G0050) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments,…

First seen 01/01/1970 · Last seen 16/11/5138 ·
RomCom uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Sandworm Team uses ELECTRUMTelebots

The MITRE Corporation Confidence 100

[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation:…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Volt Typhoon uses BRONZE SILHOUETTEVanguard Panda

The MITRE Corporation Confidence 100

[Volt Typhoon](https://attack.mitre.org/groups/G1017) is a People's Republic of China (PRC) state-sponsored actor that has been active since at least 2021 primarily targeting critical infrastructure organizations in the US and…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Prometei uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Storm-0501 uses

The MITRE Corporation Confidence 100

[Storm-0501](https://attack.mitre.org/groups/G1053) is a financially motivated cyber criminal group that uses commodity and open-source tools to conduct ransomware operations. [Storm-0501](https://attack.mitre.org/groups/G1053) has been active since 2021 and has previously been…

First seen 01/01/1970 · Last seen 16/11/5138 ·
mimo uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
TeamPCP uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

Malware (7)

SnipBot uses

Family
RustyClaw uses

Family
Mythic C2 agent uses

Family
IPRoyal uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Minus Ransomware uses

Family
XMRig uses

Family
jest-fet-mock uses

Family

Reports (8)

Threat landscape — Belgium related

Confidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
Threat landscape — insurance related

Confidence 100 199 MITREs 11 APTs
Breaking the code: Multi-stage 'code of conduct' phishing … related

AlienVault Confidence 100 1 CVE 20 MITREs 9 IOCs 9 Observables
Inside the Bulletproof Hosting Network Behind 16,000+ Fake … related

AlienVault Confidence 100 15 MITREs 9 IOCs 9 Observables
Adobe Reader 0-day related

1 MITRE 4 Observables
Telnyx Python SDK Compromised to Deliver Credential-Stealing Malware related

13 MITREs 3 Observables 1 APT
Marketplace for stolen credit cards disrupted by feds related

8 MITREs 2 Observables
Supply Chain Attack Using Ethereum Smart Contracts to … related

11 MITREs 1 Malware 4 Observables

Vulnerabilities (CVE) (25)

CVE-2024-8069 KEV targets

8.0 High

Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account …

Attack vector: Adjacent
Published: 25/08/2025
Modified: 27/05/2026

Awaiting Analysis

CVE-2025-57819 KEV targets

9.8 Critical

Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary …

Attack vector: NETWORK
Complexity: Low
Published: 28/08/2025
Modified: 18/06/2026

CWE-89

CVE-2026-31431 KEV targets

7.8 High

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 …

Attack vector: LOCAL
Complexity: LOW
EPSS: 0.0001 (P0.6%)
Published: 22/04/2026
Modified: 23/05/2026

CWE-669 Awaiting Analysis

CVE-2025-8424 targets

8.7 High

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the …

Published: 20/12/2025
Modified: 27/05/2026

Received

CVE-2020-25079 KEV targets

D-Link DCS-2530L and DCS-2670L devices contains a command injection vulnerability in the cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-service …

Published: 05/08/2025
Modified: 27/05/2026

CVE-2025-48384 KEV targets

8.0 High

Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files.

Attack vector: Network
Published: 25/08/2025
Modified: 27/05/2026

CVE-2022-40799 KEV targets

8.8 High

D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands …

Attack vector: Network
Published: 05/08/2025
Modified: 27/05/2026

CVE-2024-8068 KEV targets

8.0 High

Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must …

Attack vector: Adjacent
Published: 25/08/2025
Modified: 27/05/2026

Awaiting Analysis

CVE-2025-20265 targets

10.0 Critical

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to …

Attack vector: Network
Published: 14/08/2025
Modified: 27/05/2026

Awaiting Analysis

CVE-2013-3893 KEV targets

8.8 High

Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or …

Attack vector: Network
Complexity: Low
Published: 18/09/2013
Modified: 27/05/2026

CWE-399 CWE-416

CVE-2025-25256 targets

9.8 Critical

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through …

Attack vector: Network
Published: 12/08/2025
Modified: 27/05/2026

Received

CVE-2025-32432 KEV targets

10.0 Critical

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before …

Attack vector: NETWORK
Complexity: LOW
Published: 25/04/2025
Modified: 27/03/2026

CWE-94 Received

← Previous

Page / 3

1–12 of 25

T1588 subtechnique-of

Obtain Capabilities MITRE

Campaign (1)

Leviathan Australian Intrusions uses

Course Of Action (1)

Pre-compromise mitigates

Contact About Legal notice Privacy policy Terms of use