T1008: T1008

Search IOCs, vulnerabilities, APT…

216.73.217.121

← Back to attack patterns

View on MITRE ATT&CK The MITRE Corporation · Published 16/12/2025 19:38 · Modified 27/04/2026 16:36

Essential information

MITRE technique ID: T1008
Confidence: 100/100
Revoked: No
Published: 16/12/2025 19:38
Modified: 27/04/2026 16:36
Author / Source: The MITRE Corporation

Aliases

Fallback Channels

Platforms

windows macos linux ESXi

Description

Adversaries may use fallback or alternate communication channels if the primary channel is compromised or inaccessible in order to maintain reliable command and control and to avoid data transfer thresholds.

Kill chain phases

Kill chain	Phase
mitre-attack	command-and-control

Marking (TLP)

External references

mitre-attack (T1008)
University of Birmingham C2

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (19)

APT37 uses InkySquidGroup123

The MITRE Corporation Confidence 100

[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also…

First seen 01/01/1970 · Last seen 16/11/5138 ·
LilacSquid uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
FIN7 uses GOLD NIAGARAITG14

The MITRE Corporation Confidence 100

[FIN7](https://attack.mitre.org/groups/G0046) is a financially-motivated threat group that has been active since 2013. [FIN7](https://attack.mitre.org/groups/G0046) has targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media,…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Gamaredon Group uses IRON TILDENPrimitive Bear

The MITRE Corporation Confidence 100

[Gamaredon Group](https://attack.mitre.org/groups/G0047) is a suspected Russian cyber espionage group that has targeted military, law enforcement, judiciary, non-profit, and non-governmental organizations in Ukraine since at least 2013. The name…

First seen 01/01/1970 · Last seen 16/11/5138 ·
PolarEdge uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Lazarus Group uses HIDDEN COBRAGuardians of Peace

The MITRE Corporation Confidence 100

[Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group attributed to the Reconnaissance General Bureau (RGB). (Citation: US-CERT HIDDEN COBRA June 2017) (Citation: Treasury North Korean Cyber…

First seen 01/01/1970 · Last seen 16/11/5138 ·
UNC3886 uses

The MITRE Corporation Confidence 100

[UNC3886](https://attack.mitre.org/groups/G1048) is a China-nexus cyberespionage group that has been active since at least 2022, targeting defense, technology, and telecommunication organizations located in the United States and the Asia-Pacific-Japan…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Lunar Spider uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Static Tundra uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Turla uses IRON HUNTERGroup 88

The MITRE Corporation Confidence 100

[Turla](https://attack.mitre.org/groups/G0010) is a cyber espionage threat group that has been attributed to Russia's Federal Security Service (FSB). They have compromised victims in over 50 countries since at least…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Gamaredon uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
ERMAC uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 2

1–12 of 19

Xorddos uses

Family
HOPLIGHT uses
MiniDuke uses
TA428 uses
GammaWorm uses

Family
BPFDoor uses

Family
CmEx uses
JHUHUGIT uses
Albaniiutas uses
VLTRig uses

Family
Ailurophile Stealer uses

Family
Ermac uses

Family

← Previous

Page / 11

1–12 of 123

Matryoshka #3/3: Gamaredon's Gammasteel Infostealer related

18 MITREs 5 Malwares 2 Observables 1 APT
Threat landscape — Belgium related

Confidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
DDoS-for-Hire Operation Exposed: How an Operator's Debug Build … related

19 MITREs 3 Malwares 10 Observables 1 APT
The Group Theory Inside Bedep's DGA related

1 CVE 16 MITREs 2 Malwares 1 Observable
Silver Fox Targeting India Using Tax Themed Phishing … related

19 MITREs 1 Malware 8 Observables 1 APT
A look at PolarEdge Adjacent Infrastructure related

1 CVE 5 MITREs 1 Malware 4 Observables 1 APT
Ailurophile Stealer related

12 MITREs 1 Malware 3 Observables 1 APT
Profiling and Detecting Malicious DNS Traffic related

16 MITREs 5 Observables
The stealthy trilogy of PurpleInk, InkBox and InkLoader related

20 MITREs 4 Malwares 4 Observables 1 APT
Linux Trojan - Xorddos with Filename eyshcjdmzg related

12 MITREs 1 Malware 11 Observables

Vulnerabilities (CVE) (10)

CVE-2015-0311 targets

CVE-2025-41244 KEV targets

7.8 High

Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges …

Attack vector: Local
Published: 30/10/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2017-0199 KEV targets

7.8 High

Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …

Attack vector: LOCAL
Complexity: LOW
Published: 12/04/2017
Modified: 22/04/2026

CVE-2025-20265 targets

10.0 Critical

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to …

Attack vector: Network
Published: 14/08/2025
Modified: 27/05/2026

Awaiting Analysis

CVE-2025-14847 KEV targets

8.7 High

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue …

Attack vector: NETWORK
Published: 19/12/2025
Modified: 26/01/2026

Awaiting Analysis

CVE-2023-20118 KEV targets

6.5 Medium

Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an …

Attack vector: Network
Published: 03/03/2025
Modified: 21/12/2025

CVE-2025-8110 targets

8.7 High

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

Published: 10/12/2025
Modified: 12/12/2025

Awaiting Analysis

CVE-2018-0171 KEV targets

9.8 Critical

Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected …

Attack vector: NETWORK
Published: 03/11/2021
Modified: 14/01/2026

CVE-2025-7775 KEV targets

9.2 Critical

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured …

Attack vector: Network
Published: 26/08/2025
Modified: 27/05/2026

Analyzed

CVE-2017-0213 KEV targets

7.3 High

Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

Attack vector: LOCAL
Complexity: LOW
Published: 12/05/2017
Modified: 22/04/2026

Tool (1)

Mythic uses

The MITRE Corporation Confidence 100

[Mythic](https://attack.mitre.org/software/S0699) is an open source, cross-platform post-exploitation/command and control platform. [Mythic](https://attack.mitre.org/software/S0699) is designed to "plug-n-play" with various agents and communication channels.(Citation: Mythic Github)(Citation: Mythic SpecterOps)(Citation: Mythc Documentation) Deployed…

Campaign (1)

Night Dragon uses

Course Of Action (1)

Network Intrusion Prevention mitigates

Contact About Legal notice Privacy policy Terms of use

T1008: T1008

Essential information

Aliases

Platforms

Description

Kill chain phases

Marking (TLP)

External references

Related entities

Intrusion sets (APT) (19)

Malware (123)

Reports (10)

Vulnerabilities (CVE) (10)

Tool (1)

Campaign (1)

Course Of Action (1)