TA0011: TA0011

Search IOCs, vulnerabilities, APT…

216.73.217.64

← Back to attack patterns

View on MITRE ATT&CK AlienVault · Published 20/12/2025 19:35 · Modified 27/05/2026 15:52

Essential information

MITRE technique ID: TA0011
Confidence: 100/100
Revoked: No
Published: 20/12/2025 19:35
Modified: 27/05/2026 15:52
Author / Source: AlienVault

Description

No description.

Marking (TLP)

TLP:GREEN

External references

mitre-attack (TA0011)

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (14)

GoldenJackal uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Zanubis uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Metador uses

The MITRE Corporation Confidence 100

[Metador](https://attack.mitre.org/groups/G1013) is a suspected cyber espionage group that was first reported in September 2022. [Metador](https://attack.mitre.org/groups/G1013) has targeted a limited number of telecommunication companies, internet service providers, and universities…

First seen 01/01/1970 · Last seen 16/11/5138 ·
STARDUST CHOLLIMA uses NICKEL GLADSTONEBeagleBoyz

The MITRE Corporation Confidence 100

[APT38](https://attack.mitre.org/groups/G0082) is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau.(Citation: CISA AA20-239A BeagleBoyz August 2020)…

First seen 01/01/1970 · Last seen 16/11/5138 ·
RomCom uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
CozyDuke uses IRON RITUALIRON HEMLOCK

The MITRE Corporation Confidence 100

[APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April…

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT-Q-36 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Saaiwc Group uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
gunra uses

AlienVault Confidence 100

No description available

First seen 01/01/1970 · Last seen 16/11/5138 ·
Sandworm uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Kimusky uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Hydrochasma uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 2

1–12 of 14

RedLine Stealer uses

Family
SnakeKeylogger uses

Family
Patchwork uses
theAgentTesla uses
ALF:HeraklezEval:Trojan:Win32/Lokibot uses
Smargaft uses
CoinMiner uses

Family
Mirai uses

Family
Dridex uses
RandomQuery uses

Family
Guildma uses

Family
FormBook uses

Family

← Previous

Page / 5

1–12 of 53

Threat landscape — insurance related

Confidence 100 199 MITREs 11 APTs
GUNRA RANSOMWARE: What You Don't Know! related

22 MITREs 3 Malwares 1 APT
Infrastructure of Interest: Medium Confidence Command And Control related

1 MITRE 200 Observables
Infrastructure of Interest: High Confidence Command And Control related

1 MITRE 200 Observables
Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed related

3 MITREs 1 Malware 40 Observables
Evolution of Zanubis, a banking Trojan for Android related

1 MITRE 1 Malware 8 Observables 1 APT
SnakeKeylogger – A Multistage Info Stealer Malware Campaign related

17 MITREs 1 Malware 5 Observables 1 APT
DigiEver Fix That IoT Thing! related

3 MITREs 1 Malware 32 Observables
Effective Phishing Campaign Targeting European Companies and Institutions related

5 MITREs 50 Observables
EDR Bypass Testing Reveals Extortion Actor's Toolkit related

8 MITREs 6 Malwares
AdsExhaust, a Newly Discovered Adware MasqueradingOculus… related

3 MITREs 17 Observables
Malicious Python Script with a "Best Before" Date … related

1 MITRE 1 Malware 1 Observable

← Previous

Page / 2

1–12 of 13

Vulnerabilities (CVE) (10)

CVE-2015-2051 KEV targets

8.8 High

D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.

Attack vector: Adjacent
Complexity: LOW
Published: 23/02/2015
Modified: 22/04/2026

CWE-77

CVE-2018-6530

targets

CVE-2017-11882 KEV targets

7.8 High

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Attack vector: Local
Complexity: Low
Published: 15/11/2017
Modified: 29/05/2026

CWE-119

CVE-2022-28958

targets

CVE-2022-26258

targets

CVE-2017-0199 KEV targets

7.8 High

Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …

Attack vector: LOCAL
Complexity: LOW
Published: 12/04/2017
Modified: 22/04/2026

CVE-2020-8515 KEV targets

DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.

Published: 03/11/2021
Modified: 20/12/2025

CVE-2013-5948 targets

Published: 20/12/2025
Modified: 21/12/2025

CVE-2021-22205 KEV targets

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse …

Published: 03/11/2021
Modified: 20/12/2025

CVE-2021-40444 KEV targets

Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution.

Published: 03/11/2021
Modified: 27/05/2026

Contact About Legal notice Privacy policy Terms of use

TA0011: TA0011

Essential information

Description

Marking (TLP)

External references

Related entities

Intrusion sets (APT) (14)

Malware (53)

Reports (13)

Vulnerabilities (CVE) (10)