T1595.002: T1595.002
Essential information
- MITRE technique ID
T1595.002- Confidence
- 100/100
- Revoked
- No
- Published
- 02/10/2020 18:55
- Modified
- 21/05/2026 02:35
- Author / Source
- The MITRE Corporation
Aliases
Vulnerability Scanning
Platforms
PRE
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | reconnaissance |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (26)
-
The MITRE Corporation Confidence 100
[Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Muddling Meerkat usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (34)
-
ForestTiger usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
HazyLoad usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Brute Ratel usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
XMRig usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Moobot usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Gafgyt usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Sysrv usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Supershell usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Shahmaran usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
WhisperGate - S0689 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Androxgh0st usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
VSHELL usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (7)
-
AlienVault Confidence 100 20 MITREs 7 IOCs 7 Observables
-
AlienVault Confidence 100 3 CVEs 20 MITREs 1 Malware 23 IOCs 23 Observables
-
AlienVault Confidence 100 1 CVE 10 MITREs 9 IOCs 9 Observables
-
Threat landscape — Belgium relatedConfidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
-
AlienVault Confidence 100 4 CVEs 19 MITREs 5 Malwares 5 IOCs 5 Observables
-
1 CVE 6 MITREs 2 Malwares 25 Observables 1 APT
-
14 MITREs 10 Observables 1 APT
Vulnerabilities (CVE) (35)
ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, …
- Attack vector
- Network
- Published
- 22/02/2024
- Modified
- 28/02/2026
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands …
- Attack vector
- Network
- Published
- 04/12/2024
- Modified
- 21/12/2025
Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 03/07/2017
- Modified
- 22/04/2026
Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys …
- Attack vector
- Local
- Published
- 04/03/2024
- Modified
- 21/12/2025
targets
Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before …
- Attack vector
- Network
- Complexity
- Low
- Published
- 25/08/2016
- Modified
- 17/06/2026
D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
- Attack vector
- Adjacent
- Complexity
- LOW
- Published
- 23/02/2015
- Modified
- 22/04/2026
PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 27/06/2017
- Modified
- 22/04/2026
- Published
- 20/12/2025
- Modified
- 20/12/2025
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
- Attack vector
- Network
- Complexity
- Low
- Published
- 28/03/2022
- Modified
- 05/07/2026
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) …
- Attack vector
- Network
- Published
- 31/01/2024
- Modified
- 27/05/2026
Course Of Action (1)
-
Pre-compromise mitigates
Campaign (3)
-
SharePoint ToolShell Exploitation uses
-
Anthropic AI-orchestrated Campaign uses
-
Cutting Edge uses