Mimikatz
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 20/12/2025 19:35
- Modified
- 26/06/2026 10:38
- Revoked
- No
- Author / Source
- AlienVault
- Related entities
- 69 attack patterns (mitre), 5 intrusion sets (apt), 9 sectors, 8 countries, 95 indicators, 14 vulnerabilities (cve), 18 reports
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (69)
-
T1048.002 usesExfiltration Over Asymmetric Encrypted Non-C2 Protocol MITRE
-
T1140 usesDeobfuscate/Decode Files or Information MITRE
-
T1590 usesGather Victim Network Information MITRE
-
T1018 usesRemote System Discovery MITRE
-
T1078.002 usesDomain Accounts MITRE
-
T1078.003 usesLocal Accounts MITRE
-
T1574 usesHijack Execution Flow MITRE
-
T1037.004 usesRC Scripts MITRE
-
T1552 usesUnsecured Credentials MITRE
-
T1175 MITRE
-
T1021.001 usesRemote Desktop Protocol MITRE
-
T1547 usesBoot or Logon Autostart Execution MITRE
Intrusion sets (APT) (5)
-
The Gentlemen usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Rhantus usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Trigona usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Kimsuky and Andariel usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Jumpy Pisces usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (9)
-
Commercial Facilities targets
-
Emergency Services targets
-
Energy targets
-
Information Technologies Consulting targets
-
High-tech targets
-
Technology targets
-
Education targets
-
Government targets
-
Manufacturing targets
Countries (8)
-
British Indian Ocean Territory targets
-
Kazakhstan targets
-
United Kingdom of Great Britain and Northern Ireland targets
-
South Africa targets
-
France targets
-
India targets
-
Singapore targets
-
Brazil targets
Indicators (95)
-
stix 100/100 Revoked
Delphi
· Valid until 29/10/2025 · Source: AlienVault -
stix 100/100· Valid until 22/06/2027 · Source: AlienVault
-
stix 100/100· Valid until 08/05/2027 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 09/06/2026 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 01/11/2025 · Source: AlienVault
-
stix 100/100· Valid until 08/05/2027 · Source: AlienVault
-
stix 100/100· Valid until 06/12/2026 · Source: AlienVault
-
stix 100/100· Valid until 16/04/2027 · Source: AlienVault
-
ap-northeast-1.s3-azure.comindicatesstix 100/100 Revoked· Valid until 25/06/2026 · Source: AlienVault -
stix 100/100 Revoked· Valid until 23/11/2025 · Source: AlienVault
-
stix 100/100· Valid until 06/12/2026 · Source: AlienVault
Vulnerabilities (CVE) (14)
F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow …
- Attack vector
- Network
- Published
- 31/10/2023
- Modified
- 21/12/2025
Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.
- Attack vector
- Network
- Published
- 19/07/2023
- Modified
- 27/05/2026
Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.
- Attack vector
- Network
- Published
- 17/10/2024
- Modified
- 21/12/2025
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …
- Attack vector
- Local
- Published
- 03/11/2021
- Modified
- 27/05/2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …
- Attack vector
- Network
- Published
- 05/12/2025
- Modified
- 29/05/2026
Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/05/2017
- Modified
- 22/04/2026
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
- Attack vector
- Network
- Published
- 20/07/2023
- Modified
- 30/06/2026
Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts …
- Attack vector
- Network
- Published
- 05/10/2023
- Modified
- 21/12/2025
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An …
- Published
- 14/06/2022
- Modified
- 27/05/2026
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.
- Attack vector
- Network
- Published
- 15/03/2023
- Modified
- 21/12/2025
Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully …
- Published
- 03/03/2025
- Modified
- 20/12/2025
Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within …
- Attack vector
- Network
- Published
- 22/08/2023
- Modified
- 27/05/2026
Reports (18)
-
AlienVault Confidence 100 1 CVE 23 MITREs 6 Malwares 32 IOCs 32 Observables
-
AlienVault Confidence 100 20 MITREs 16 Malwares 42 IOCs 42 Observables 1 APT
-
3 CVEs 20 MITREs 2 Malwares 2 Observables
-
46 MITREs 6 Malwares 27 Observables 1 APT
-
10 MITREs 6 Malwares 17 Observables 1 APT
-
10 CVEs 18 MITREs 4 Malwares 62 Observables 1 APT
-
4 Malwares 1 APT
-
25 MITREs 2 Malwares 9 Observables 1 APT
-
16 MITREs 5 Malwares 1 APT
-
6 Malwares 2 Observables 1 APT
-
8 MITREs 4 Malwares 8 Observables
-
8 MITREs 6 Malwares