TA0011: TA0011
Essential information
- MITRE technique ID
TA0011- Confidence
- 100/100
- Revoked
- No
- Published
- 20/12/2025 19:32
- Modified
- 27/05/2026 15:52
- Author / Source
- AlienVault
Description
No description.
Marking (TLP)
TLP:GREEN
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (14)
-
GoldenJackal usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Zanubis usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Metador usesThe MITRE Corporation Confidence 100
[Metador](https://attack.mitre.org/groups/G1013) is a suspected cyber espionage group that was first reported in September 2022. [Metador](https://attack.mitre.org/groups/G1013) has targeted a limited number of telecommunication companies, internet service providers, and universities…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT38](https://attack.mitre.org/groups/G0082) is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau.(Citation: CISA AA20-239A BeagleBoyz August 2020)…
First seen 01/01/1970 · Last seen 16/11/5138 · -
RomCom usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April…
First seen 01/01/1970 · Last seen 16/11/5138 · -
APT-Q-36 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Saaiwc Group usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
gunra usesAlienVault Confidence 100
No description available
First seen 01/01/1970 · Last seen 16/11/5138 · -
Sandworm usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Kimusky usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Hydrochasma usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (53)
-
DoNoT Loader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Jackal usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Kapeka usesFamily The MITRE Corporation Confidence 100
Kapeka is a backdoor written in C++ used against victims in Eastern Europe since at least mid-2022. Kapeka has technical overlaps with [Exaramel for Windows](https://attack.mitre.org/software/S0343) and [Prestige](https://attack.mitre.org/software/S1058) malware…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AgentTesla usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RustBucket usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
MacStealer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DoubleTrouble usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Lumma Stealer usesThe MITRE Corporation Confidence 100
[Lumma Stealer](https://attack.mitre.org/software/S1213) is an information stealer malware family in use since at least 2022. [Lumma Stealer](https://attack.mitre.org/software/S1213) is a Malware as a Service (MaaS) where captured data has been…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AsyncRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Black Basta usesFamily The MITRE Corporation Confidence 100
[Black Basta](https://attack.mitre.org/software/S1070) is ransomware written in C++ that has been offered within the ransomware-as-a-service (RaaS) model since at least April 2022; there are variants that target Windows and…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Rclone usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Remcos usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (13)
-
4 MITREs 1 Malware 63 Observables
Vulnerabilities (CVE) (10)
D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
- Attack vector
- Adjacent
- Complexity
- LOW
- Published
- 23/02/2015
- Modified
- 22/04/2026
Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands.
- Published
- 08/09/2022
- Modified
- 20/12/2025
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
- Attack vector
- Local
- Complexity
- Low
- Published
- 15/11/2017
- Modified
- 29/05/2026
- Published
- 20/12/2025
- Modified
- 20/12/2025
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
- Attack vector
- Network
- Complexity
- Low
- Published
- 28/03/2022
- Modified
- 05/07/2026
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/04/2017
- Modified
- 22/04/2026
DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.
- Published
- 03/11/2021
- Modified
- 20/12/2025
- Published
- 20/12/2025
- Modified
- 21/12/2025
GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse …
- Published
- 03/11/2021
- Modified
- 20/12/2025
Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution.
- Published
- 03/11/2021
- Modified
- 27/05/2026