…ing arbitrary command execution on compromised Ivanti Connect Secure VPNs. [18] C0041 FrostyGoop Incident FrostyGoop Incident deployed a ReGeorg variant web shell to impacted systems following initial access for persistence. [31] G0093 GALLIUM GALLIUM used Web shells to persist i…
… used ports, and is frequently encapsulated by application layer protocols. [3] C0041 FrostyGoop Incident During FrostyGoop Incident, the adversary initiated Layer Two Tunnelling Protocol (L2TP) connections to Moscow-based IP addresses. [4] S0601 Hildegard Hildegard has used an …
…o victim environments by exploiting multiple known vulnerabilities over several campaigns. [97] [98] C0045 ShadowRay During ShadowRay, threat actors exploited CVE-2023-48022 on publicly exposed Ray servers to steal computing power and to expose sensitive data. [99] S0623 Silosca…