T1596: Search Open Technical Databases
Essential information
- MITRE technique ID: T1596
- Confidence: 100/100
- Revoked: No
- Published: 16/12/2025 19:38
- Modified: 27/03/2026 01:09
- Author / Source: The MITRE Corporation
Aliases: T1596
Platforms: PRE
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | reconnaissance |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (15)
- I-SOON (uses; source AlienVault, confidence 100; first seen 01/01/1970, last seen 16/11/5138)
- APT28 (source The MITRE Corporation, confidence 100; first seen 01/01/1970, last seen 16/11/5138): [APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub…
- MuddyWater (source The MITRE Corporation, confidence 100; first seen 01/01/1970, last seen 16/11/5138): [MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at…
- Knownsec (uses; source AlienVault, confidence 100; first seen 01/01/1970, last seen 16/11/5138)
- Kimsuky (source The MITRE Corporation, confidence 100; first seen 01/01/1970, last seen 16/11/5138): [Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter…
- (name missing) (source AlienVault, confidence 100; first seen 01/01/1970, last seen 16/11/5138)
- Andariel (source The MITRE Corporation, confidence 100; first seen 01/01/1970, last seen 16/11/5138): [Andariel](https://attack.mitre.org/groups/G0138) is a North Korean state-sponsored threat group that has been active since at least 2009. [Andariel](https://attack.mitre.org/groups/G0138) has primarily focused its operations--which have included destructive attacks--against South Korean…
- APT41 (source The MITRE Corporation, confidence 100; first seen 01/01/1970, last seen 16/11/5138): [APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as a Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed…
- Gamaredon (uses; source AlienVault, confidence 100; first seen 01/01/1970, last seen 16/11/5138)
- (name missing) (source AlienVault, confidence 100; first seen 01/01/1970, last seen 16/11/5138)
- Muddling Meerkat (uses; source AlienVault, confidence 100; first seen 01/01/1970, last seen 16/11/5138)
- Wazawaka (uses; source AlienVault, confidence 100; first seen 01/01/1970, last seen 16/11/5138)
Malware (44)
- Atharvan (uses; Family)
- TigerRAT (uses; Family)
- Araneida Scanner (uses; Family)
- Nefilim (uses; Family)
- NineRAT (uses; Family)
- GhostX (uses; Family)
- BlackCat - S1068 (uses; Family)
- ELF Backdoor (uses; Family)
- Black RAT (uses; Family)
- ValidAlpha (uses; Family)
- NoEscape (uses; Family)
- DurianBeacon (uses; Family)
Reports (11)
| CVEs | MITRE techniques | Malware | Observables | APT |
|---|---|---|---|---|
| | 4 | | | 1 |
| | 5 | 1 | | |
| | 10 | 1 | 13 | |
| | 5 | 2 | 31 | 1 |
| | 4 | 1 | | 1 |
| | 10 | | | 1 |
| 10 | 25 | 1 | 50 | |
| | 6 | | 5 | |
| | 13 | 5 | 33 | 1 |
| | 21 | 22 | 60 | 1 |
| | 14 | | 10 | 1 |
Vulnerabilities (CVE) (11)
A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.
- Attack vector: Network
- Published: 23/09/2022
- Modified: 27/05/2026

The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.
- Published: 27/06/2022
- Modified: 20/12/2025

Atlassian Confluence Server and Data Center contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute …
- Published: 03/11/2021
- Modified: 21/12/2025

Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …
- Attack vector: Local
- Published: 03/11/2021
- Modified: 27/05/2026

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially …
- Attack vector: Network
- Published: 22/08/2025
- Modified: 21/12/2025

Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code …
- Published: 02/06/2022
- Modified: 27/05/2026
Attack patterns (MITRE) (5)
- DNS/Passive DNS (T1596.001, MITRE): subtechnique-of
- Digital Certificates: subtechnique-of
- Scan Databases: subtechnique-of
Course Of Action (1)
- Pre-compromise: mitigates