TA0003: TA0003

Search IOCs, vulnerabilities, APT…

216.73.216.233

← Back to attack patterns

View on MITRE ATT&CK AlienVault · Published 20/12/2025 19:35 · Modified 27/05/2026 15:52

Essential information

MITRE technique ID: TA0003
Confidence: 100/100
Revoked: No
Published: 20/12/2025 19:35
Modified: 27/05/2026 15:52
Author / Source: AlienVault

Description

No description.

Marking (TLP)

TLP:GREEN

External references

mitre-attack (TA0003)

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (15)

CozyDuke uses IRON RITUALIRON HEMLOCK

The MITRE Corporation Confidence 100

[APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April…

First seen 01/01/1970 · Last seen 16/11/5138 ·
gunra uses

AlienVault Confidence 100

No description available

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT-C-00 (Ocean Lotus) uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 2

13–15 of 15

BellaCiao uses

Family
GreyEnergy - S0342 uses
Kapeka uses
LockBit uses

Family
WIREFIRE uses
Redline uses

Family
Lumma Stealer uses

Family
Rubeus uses

Family
SilverRAT uses
SharpHound uses

Family
Jackal uses
RAT uses

Family

← Previous

Page / 4

1–12 of 38

Threat landscape — insurance related

Confidence 100 199 MITREs 11 APTs
GUNRA RANSOMWARE: What You Don't Know! related

22 MITREs 3 Malwares 1 APT
Suspected APT-C-00 Delivers Havoc Trojan related

4 MITREs 1 Malware 1 APT
Effective Phishing Campaign Targeting European Companies and Institutions related

5 MITREs 50 Observables
EDR Bypass Testing Reveals Extortion Actor's Toolkit related

8 MITREs 6 Malwares
Attackers deploying new tactics in campaign targeting exposed … related

2 CVEs 4 MITREs 37 Observables

Vulnerabilities (CVE) (8)

CVE-2022-26134 KEV targets

Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code …

Published: 02/06/2022
Modified: 27/05/2026

CVE-2024-21888 targets

8.8 High

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user …

Attack vector: NETWORK
Published: 31/01/2024
Modified: 21/12/2025

CVE-2017-8291 KEV targets

7.8 High

Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.

Attack vector: LOCAL
Complexity: LOW
Published: 27/04/2017
Modified: 22/04/2026

CWE-843

CVE-2024-21893 KEV targets

8.2 High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) …

Attack vector: Network
Published: 31/01/2024
Modified: 27/05/2026

CVE-2024-21887 KEV targets

9.1 Critical

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …

Attack vector: Network
Published: 10/01/2024
Modified: 27/05/2026

CVE-2023-46805 KEV targets

8.2 High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …

Attack vector: Network
Published: 10/01/2024
Modified: 27/05/2026

CVE-2023-22515 KEV targets

9.8 Critical

Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts …

Attack vector: Network
Published: 05/10/2023
Modified: 21/12/2025

CVE-2024-22024 targets

8.3 High

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) …

Attack vector: Network
Published: 13/02/2024
Modified: 27/05/2026

Contact About Legal notice Privacy policy Terms of use