T1071.004: T1071.004
Essential information
- MITRE technique ID
T1071.004- Confidence
- 100/100
- Revoked
- No
- Published
- 15/03/2020 17:27
- Modified
- 27/03/2026 01:08
- Author / Source
- The MITRE Corporation
Aliases
DNS
Platforms
windows macos linux Network Devices ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | command-and-control |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (34)
-
UAT-10027 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Khmer Shadow usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT18](https://attack.mitre.org/groups/G0026) is a threat group that has operated since at least 2009 and has targeted a range of industries, including technology, manufacturing, human rights groups, government, and medical.…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[OilRig](https://attack.mitre.org/groups/G0049) is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including…
First seen 01/01/1970 · Last seen 16/11/5138 · -
CL-STA-1020 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Chimera relatedThe MITRE Corporation Confidence 100
[Chimera](https://attack.mitre.org/groups/G0114) is a suspected China-based threat group that has been active since at least 2018 targeting the semiconductor industry in Taiwan as well as data from the airline…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Earth Baxia relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Earth Kasha relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[FIN7](https://attack.mitre.org/groups/G0046) is a financially-motivated threat group that has been active since 2013. [FIN7](https://attack.mitre.org/groups/G0046) has targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Ke3chang](https://attack.mitre.org/groups/G0004) is a threat group attributed to actors operating out of China. [Ke3chang](https://attack.mitre.org/groups/G0004) has targeted oil, government, diplomatic, military, and NGOs in Central and South America, the Caribbean,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
LazyScripter relatedThe MITRE Corporation Confidence 100
[LazyScripter](https://attack.mitre.org/groups/G0140) is threat group that has mainly targeted the airlines industry since at least 2018, primarily using open-source toolsets.(Citation: MalwareBytes LazyScripter Feb 2021)
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (81)
-
VBCloud usesFamily
-
CloudAtlas usesFamily
-
BRICKSTORM usesAlienVault Confidence 100
[BRICKSTORM](https://attack.mitre.org/software/S9015) is a cross-platform backdoor with variants written in Go and Rust that facilitates command and control, the ingress transfer of other malware, and the exfiltration of data.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Dohdoor usesFamily
-
DarkGate usesFamily
-
KaynLdr usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SweetPotato usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Sqldoor usesFamily
-
AdaptixC2 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
InvisiMole uses
-
HERV Phishing Kit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Helminth uses
Reports (41)
-
1 CVE 7 MITREs 1 Malware 5 Observables 1 APT
-
12 MITREs 1 Malware 2 Observables
-
9 MITREs 1 Malware 10 Observables
-
11 MITREs 1 Malware 3 Observables
-
7 MITREs 17 Observables
-
9 MITREs 2 Malwares 2 Observables 1 APT
-
14 MITREs 2 Malwares 3 Observables 1 APT
-
11 MITREs 2 Malwares 18 Observables 1 APT
-
18 MITREs 12 Observables 1 APT
-
9 MITREs 4 Malwares
-
19 MITREs 4 Malwares 29 Observables 1 APT
-
11 MITREs 3 Malwares 16 Observables 1 APT
Vulnerabilities (CVE) (51)
PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context …
- Attack vector
- Network
- Published
- 21/04/2023
- Modified
- 21/12/2025
When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/04/2017
- Modified
- 22/04/2026
When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This …
- Attack vector
- Network
- Published
- 07/02/2025
- Modified
- 21/12/2025
When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.
- Published
- 03/11/2021
- Modified
- 29/05/2026
Course Of Action (1)
-
Filter Network Traffic mitigates
Campaign (1)
-
Cutting Edge uses