T1008: T1008

Search IOCs, vulnerabilities, APT…

216.73.216.233

← Back to attack patterns

View on MITRE ATT&CK The MITRE Corporation · Published 16/12/2025 19:38 · Modified 27/04/2026 16:36

Essential information

MITRE technique ID: T1008
Confidence: 100/100
Revoked: No
Published: 16/12/2025 19:38
Modified: 27/04/2026 16:36
Author / Source: The MITRE Corporation

Aliases

Fallback Channels

Platforms

windows macos linux ESXi

Description

Adversaries may use fallback or alternate communication channels if the primary channel is compromised or inaccessible in order to maintain reliable command and control and to avoid data transfer thresholds.

Kill chain phases

Kill chain	Phase
mitre-attack	command-and-control

Marking (TLP)

External references

mitre-attack (T1008)
University of Birmingham C2

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (19)

Silver Fox uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Ailurophile Stealer threat actor uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Stanley uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT41 uses Wicked PandaBrass Typhoon

The MITRE Corporation Confidence 100

[APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Tadashi uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
CoralRaider uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
OilRig uses COBALT GYPSYIRN2

The MITRE Corporation Confidence 100

[OilRig](https://attack.mitre.org/groups/G0049) is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including…

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 2

13–19 of 19

Xorddos uses

Family
HOPLIGHT uses
MiniDuke uses
TA428 uses
GammaWorm uses

Family
BPFDoor uses

Family
CmEx uses
JHUHUGIT uses
Albaniiutas uses
VLTRig uses

Family
Ailurophile Stealer uses

Family
Ermac uses

Family

← Previous

Page / 11

1–12 of 123

Matryoshka #3/3: Gamaredon's Gammasteel Infostealer related

18 MITREs 5 Malwares 2 Observables 1 APT
Threat landscape — Belgium related

Confidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
DDoS-for-Hire Operation Exposed: How an Operator's Debug Build … related

19 MITREs 3 Malwares 10 Observables 1 APT
The Group Theory Inside Bedep's DGA related

1 CVE 16 MITREs 2 Malwares 1 Observable
Silver Fox Targeting India Using Tax Themed Phishing … related

19 MITREs 1 Malware 8 Observables 1 APT
A look at PolarEdge Adjacent Infrastructure related

1 CVE 5 MITREs 1 Malware 4 Observables 1 APT
Ailurophile Stealer related

12 MITREs 1 Malware 3 Observables 1 APT
Profiling and Detecting Malicious DNS Traffic related

16 MITREs 5 Observables
The stealthy trilogy of PurpleInk, InkBox and InkLoader related

20 MITREs 4 Malwares 4 Observables 1 APT
Linux Trojan - Xorddos with Filename eyshcjdmzg related

12 MITREs 1 Malware 11 Observables

Vulnerabilities (CVE) (10)

CVE-2015-0311 targets

CVE-2025-41244 KEV targets

7.8 High

Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges …

Attack vector: Local
Published: 30/10/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2017-0199 KEV targets

7.8 High

Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …

Attack vector: LOCAL
Complexity: LOW
Published: 12/04/2017
Modified: 22/04/2026

CVE-2025-20265 targets

10.0 Critical

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to …

Attack vector: Network
Published: 14/08/2025
Modified: 27/05/2026

Awaiting Analysis

CVE-2025-14847 KEV targets

8.7 High

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue …

Attack vector: NETWORK
Published: 19/12/2025
Modified: 26/01/2026

Awaiting Analysis

CVE-2023-20118 KEV targets

6.5 Medium

Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an …

Attack vector: Network
Published: 03/03/2025
Modified: 21/12/2025

CVE-2025-8110 targets

8.7 High

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

Published: 10/12/2025
Modified: 12/12/2025

Awaiting Analysis

CVE-2018-0171 KEV targets

9.8 Critical

Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected …

Attack vector: NETWORK
Published: 03/11/2021
Modified: 14/01/2026

CVE-2025-7775 KEV targets

9.2 Critical

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured …

Attack vector: Network
Published: 26/08/2025
Modified: 27/05/2026

Analyzed

CVE-2017-0213 KEV targets

7.3 High

Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

Attack vector: LOCAL
Complexity: LOW
Published: 12/05/2017
Modified: 22/04/2026

Tool (1)

Mythic uses

The MITRE Corporation Confidence 100

[Mythic](https://attack.mitre.org/software/S0699) is an open source, cross-platform post-exploitation/command and control platform. [Mythic](https://attack.mitre.org/software/S0699) is designed to "plug-n-play" with various agents and communication channels.(Citation: Mythic Github)(Citation: Mythic SpecterOps)(Citation: Mythc Documentation) Deployed…

Campaign (1)

Night Dragon uses

Course Of Action (1)

Network Intrusion Prevention mitigates

Contact About Legal notice Privacy policy Terms of use

T1008: T1008

Essential information

Aliases

Platforms

Description

Kill chain phases

Marking (TLP)

External references

Related entities

Intrusion sets (APT) (19)

Malware (123)

Reports (10)

Vulnerabilities (CVE) (10)

Tool (1)

Campaign (1)

Course Of Action (1)