TA0003: TA0003

Search IOCs, vulnerabilities, APT…

216.73.217.64

← Back to attack patterns

View on MITRE ATT&CK AlienVault · Published 20/12/2025 21:59 · Modified 27/05/2026 15:52

Essential information

MITRE technique ID: TA0003
Confidence: 100/100
Revoked: No
Published: 20/12/2025 21:59
Modified: 27/05/2026 15:52
Author / Source: AlienVault

Description

No description.

Marking (TLP)

TLP:GREEN

External references

mitre-attack (TA0003)

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (15)

8220 Gang uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
GoldenJackal uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
UTA0178 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
FIN7 uses GOLD NIAGARAITG14

The MITRE Corporation Confidence 100

[FIN7](https://attack.mitre.org/groups/G0046) is a financially-motivated threat group that has been active since 2013. [FIN7](https://attack.mitre.org/groups/G0046) has targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media,…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Metador uses

The MITRE Corporation Confidence 100

[Metador](https://attack.mitre.org/groups/G1013) is a suspected cyber espionage group that was first reported in September 2022. [Metador](https://attack.mitre.org/groups/G1013) has targeted a limited number of telecommunication companies, internet service providers, and universities…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Sandworm uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
RedEyes uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
RomCom uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Magic Hound uses COBALT ILLUSIONITG18

The MITRE Corporation Confidence 100

[Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European,…

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT-C-36 uses Blind Eagle

The MITRE Corporation Confidence 100

[APT-C-36](https://attack.mitre.org/groups/G0099) is a suspected South America espionage group that has been active since at least 2018. The group mainly targets Colombian government institutions as well as important corporations…

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT33 uses HOLMIUMElfin

The MITRE Corporation Confidence 100

[APT33](https://attack.mitre.org/groups/G0064) is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States,…

First seen 01/01/1970 · Last seen 16/11/5138 ·
VexTrio uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 2

1–12 of 15

BellaCiao uses

Family
GreyEnergy - S0342 uses
Kapeka uses
LockBit uses

Family
WIREFIRE uses
Redline uses

Family
Lumma Stealer uses

Family
Rubeus uses

Family
SilverRAT uses
SharpHound uses

Family
Jackal uses
RAT uses

Family

← Previous

Page / 4

1–12 of 38

Threat landscape — insurance related

Confidence 100 199 MITREs 11 APTs
GUNRA RANSOMWARE: What You Don't Know! related

22 MITREs 3 Malwares 1 APT
Suspected APT-C-00 Delivers Havoc Trojan related

4 MITREs 1 Malware 1 APT
Effective Phishing Campaign Targeting European Companies and Institutions related

5 MITREs 50 Observables
EDR Bypass Testing Reveals Extortion Actor's Toolkit related

8 MITREs 6 Malwares
Attackers deploying new tactics in campaign targeting exposed … related

2 CVEs 4 MITREs 37 Observables

Vulnerabilities (CVE) (8)

CVE-2022-26134 KEV targets

Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code …

Published: 02/06/2022
Modified: 27/05/2026

CVE-2024-21888 targets

8.8 High

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user …

Attack vector: NETWORK
Published: 31/01/2024
Modified: 21/12/2025

CVE-2017-8291 KEV targets

7.8 High

Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.

Attack vector: LOCAL
Complexity: LOW
Published: 27/04/2017
Modified: 22/04/2026

CWE-843

CVE-2024-21893 KEV targets

8.2 High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) …

Attack vector: Network
Published: 31/01/2024
Modified: 27/05/2026

CVE-2024-21887 KEV targets

9.1 Critical

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …

Attack vector: Network
Published: 10/01/2024
Modified: 27/05/2026

CVE-2023-46805 KEV targets

8.2 High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …

Attack vector: Network
Published: 10/01/2024
Modified: 27/05/2026

CVE-2023-22515 KEV targets

9.8 Critical

Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts …

Attack vector: Network
Published: 05/10/2023
Modified: 21/12/2025

CVE-2024-22024 targets

8.3 High

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) …

Attack vector: Network
Published: 13/02/2024
Modified: 27/05/2026

Contact About Legal notice Privacy policy Terms of use