TA0003: TA0003
Essential information
- MITRE technique ID
TA0003- Confidence
- 100/100
- Revoked
- No
- Published
- 20/12/2025 19:35
- Modified
- 27/05/2026 15:52
- Author / Source
- AlienVault
Description
No description.
Marking (TLP)
TLP:GREEN
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (15)
-
The MITRE Corporation Confidence 100
[APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April…
First seen 01/01/1970 · Last seen 16/11/5138 · -
gunra usesAlienVault Confidence 100
No description available
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (38)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SafetyKatz usesFamily
-
KANDYKORN usesFamily
-
DoNoT Loader usesFamily
-
Havoc RAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GLASSTOKEN uses
-
XWorm usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ModernLoader uses
-
Mimikatz usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Win32.PWS.Album uses
-
BUSHWALK uses
-
Trojan.Win32.KORPLUG.AJ.enc uses
Reports (6)
-
Threat landscape — insurance relatedConfidence 100 199 MITREs 11 APTs
-
22 MITREs 3 Malwares 1 APT
-
4 MITREs 1 Malware 1 APT
-
5 MITREs 50 Observables
-
8 MITREs 6 Malwares
-
2 CVEs 4 MITREs 37 Observables
Vulnerabilities (CVE) (8)
Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code …
- Published
- 02/06/2022
- Modified
- 27/05/2026
A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user …
- Attack vector
- NETWORK
- Published
- 31/01/2024
- Modified
- 21/12/2025
Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 27/04/2017
- Modified
- 22/04/2026
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) …
- Attack vector
- Network
- Published
- 31/01/2024
- Modified
- 27/05/2026
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …
- Attack vector
- Network
- Published
- 10/01/2024
- Modified
- 27/05/2026
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …
- Attack vector
- Network
- Published
- 10/01/2024
- Modified
- 27/05/2026
Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts …
- Attack vector
- Network
- Published
- 05/10/2023
- Modified
- 21/12/2025
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) …
- Attack vector
- Network
- Published
- 13/02/2024
- Modified
- 27/05/2026