T1588.006: T1588.006

Search IOCs, vulnerabilities, APT…

216.73.216.6

← Back to attack patterns

View on MITRE ATT&CK The MITRE Corporation · Published 15/10/2020 04:59 · Modified 30/03/2026 12:12

Essential information

MITRE technique ID: T1588.006
Confidence: 100/100
Revoked: No
Published: 15/10/2020 04:59
Modified: 30/03/2026 12:12
Author / Source: The MITRE Corporation

Aliases

Vulnerabilities

Platforms

PRE

Description

Adversaries may acquire information about vulnerabilities that can be used during targeting. A vulnerability is a weakness in computer hardware or software that can, potentially, be exploited by an adversary to cause unintended or unanticipated behavior to occur. Adversaries may find vulnerability information by searching open databases or gaining access to closed vulnerability databases.(Citation: National Vulnerability Database) An adversary may monitor vulnerability disclosures/databases to understand the state of existing, as well as newly discovered, vulnerabilities. There is usually a delay between when a vulnerability is discovered and when it is made public. An adversary may target the systems of those known to conduct vulnerability research (including commercial vendors). Knowledge of a vulnerability may cause an adversary to search for an existing exploit (i.e. [Exploits](https://attack.mitre.org/techniques/T1588/005)) or to attempt to develop one themselves (i.e. [Exploits](https://attack.mitre.org/techniques/T1587/004)).

Kill chain phases

Kill chain	Phase
mitre-attack	resource-development

Marking (TLP)

External references

mitre-attack (T1588.006)
National Vulnerability Database

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (8)

APT32 uses SeaLotusAPT-C-00

The MITRE Corporation Confidence 100

[APT32](https://attack.mitre.org/groups/G0050) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments,…

First seen 01/01/1970 · Last seen 16/11/5138 ·
RomCom uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Sandworm Team uses ELECTRUMTelebots

The MITRE Corporation Confidence 100

[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation:…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Volt Typhoon uses BRONZE SILHOUETTEVanguard Panda

The MITRE Corporation Confidence 100

[Volt Typhoon](https://attack.mitre.org/groups/G1017) is a People's Republic of China (PRC) state-sponsored actor that has been active since at least 2021 primarily targeting critical infrastructure organizations in the US and…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Prometei uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Storm-0501 uses

The MITRE Corporation Confidence 100

[Storm-0501](https://attack.mitre.org/groups/G1053) is a financially motivated cyber criminal group that uses commodity and open-source tools to conduct ransomware operations. [Storm-0501](https://attack.mitre.org/groups/G1053) has been active since 2021 and has previously been…

First seen 01/01/1970 · Last seen 16/11/5138 ·
mimo uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
TeamPCP uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

Malware (7)

SnipBot uses

Family
RustyClaw uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Mythic C2 agent uses

Family
IPRoyal uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Minus Ransomware uses

Family
XMRig uses

Family
jest-fet-mock uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

Reports (8)

Threat landscape — Belgium related

Confidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
Threat landscape — insurance related

Confidence 100 199 MITREs 11 APTs
Breaking the code: Multi-stage 'code of conduct' phishing … related

AlienVault Confidence 100 1 CVE 20 MITREs 9 IOCs 9 Observables
Inside the Bulletproof Hosting Network Behind 16,000+ Fake … related

AlienVault Confidence 100 15 MITREs 9 IOCs 9 Observables
Adobe Reader 0-day related

1 MITRE 4 Observables
Telnyx Python SDK Compromised to Deliver Credential-Stealing Malware related

13 MITREs 3 Observables 1 APT
Marketplace for stolen credit cards disrupted by feds related

8 MITREs 2 Observables
Supply Chain Attack Using Ethereum Smart Contracts to … related

11 MITREs 1 Malware 4 Observables

Vulnerabilities (CVE) (25)

CVE-2007-0671 KEV targets

8.8 High

Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This …

Attack vector: Network
Complexity: Low
Published: 03/02/2007
Modified: 27/05/2026

CVE-2025-8088 KEV targets

8.8 High

RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary …

Attack vector: Network
Published: 12/08/2025
Modified: 27/05/2026

CVE-2024-26009 targets

8.1 High

An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS …

Attack vector: Network
Complexity: High
Published: 12/08/2025
Modified: 27/05/2026

CWE-288 Received

CVE-2025-7775 KEV targets

9.2 Critical

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured …

Attack vector: Network
Published: 26/08/2025
Modified: 27/05/2026

Analyzed

CVE-2025-8876 KEV targets

9.4 Critical

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

Attack vector: Network
Published: 13/08/2025
Modified: 27/05/2026

Analyzed

CVE-2020-14882 KEV targets

Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related …

Published: 03/11/2021
Modified: 20/12/2025

CVE-2025-7776 targets

8.8 High

Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is …

Attack vector: Network
Published: 26/08/2025
Modified: 27/05/2026

Undergoing Analysis

CVE-2025-8875 KEV targets

9.4 Critical

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

Attack vector: Local
Published: 13/08/2025
Modified: 27/05/2026

Analyzed

CVE-2024-46483 targets

9.8 Critical

Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to …

Attack vector: NETWORK
Published: 23/10/2024
Modified: 21/12/2025

Awaiting Analysis

CVE-2025-54948 KEV targets

9.4 Critical

Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload …

Attack vector: Network
Published: 18/08/2025
Modified: 27/05/2026

Awaiting Analysis

CVE-2020-25078 KEV targets

D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be …

Published: 05/08/2025
Modified: 27/05/2026

CVE-2021-22986 KEV targets

F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with …

Published: 03/11/2021
Modified: 20/12/2025

← Previous

Page / 3

13–24 of 25

T1588 subtechnique-of

Obtain Capabilities MITRE

Campaign (1)

Leviathan Australian Intrusions uses

Course Of Action (1)

Pre-compromise mitigates

Contact About Legal notice Privacy policy Terms of use