TA0011: TA0011
Essential information
- MITRE technique ID
TA0011- Confidence
- 100/100
- Revoked
- No
- Published
- 20/12/2025 19:32
- Modified
- 27/05/2026 15:52
- Author / Source
- AlienVault
Description
No description.
Marking (TLP)
TLP:GREEN
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (14)
-
SnakeKeylogger usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
APT-C-26 (Lazarus) usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (53)
-
DoNoT Loader usesFamily
-
Jackal uses
-
Kapeka uses
-
AgentTesla usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RustBucket usesFamily
-
MacStealer uses
-
DoubleTrouble usesFamily
-
Lumma Stealer usesThe MITRE Corporation Confidence 100
[Lumma Stealer](https://attack.mitre.org/software/S1213) is an information stealer malware family in use since at least 2022. [Lumma Stealer](https://attack.mitre.org/software/S1213) is a Malware as a Service (MaaS) where captured data has been…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AsyncRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Black Basta usesFamily The MITRE Corporation Confidence 100
[Black Basta](https://attack.mitre.org/software/S1070) is ransomware written in C++ that has been offered within the ransomware-as-a-service (RaaS) model since at least April 2022; there are variants that target Windows and…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Rclone usesFamily
-
Remcos usesFamily
Reports (13)
-
Threat landscape — insurance relatedConfidence 100 199 MITREs 11 APTs
-
22 MITREs 3 Malwares 1 APT
-
1 MITRE 200 Observables
-
1 MITRE 200 Observables
-
3 MITREs 1 Malware 40 Observables
-
1 MITRE 1 Malware 8 Observables 1 APT
-
17 MITREs 1 Malware 5 Observables 1 APT
-
DigiEver Fix That IoT Thing! related3 MITREs 1 Malware 32 Observables
-
5 MITREs 50 Observables
-
8 MITREs 6 Malwares
-
3 MITREs 17 Observables
-
1 MITRE 1 Malware 1 Observable
Vulnerabilities (CVE) (10)
D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
- Attack vector
- Adjacent
- Complexity
- LOW
- Published
- 23/02/2015
- Modified
- 22/04/2026
targets
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
- Attack vector
- Local
- Complexity
- Low
- Published
- 15/11/2017
- Modified
- 29/05/2026
targets
targets
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/04/2017
- Modified
- 22/04/2026
DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.
- Published
- 03/11/2021
- Modified
- 20/12/2025
- Published
- 20/12/2025
- Modified
- 21/12/2025
GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse …
- Published
- 03/11/2021
- Modified
- 20/12/2025
Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution.
- Published
- 03/11/2021
- Modified
- 27/05/2026