T1071.004: T1071.004
Essential information
- MITRE technique ID
T1071.004- Confidence
- 100/100
- Revoked
- No
- Published
- 15/03/2020 17:27
- Modified
- 27/03/2026 01:08
- Author / Source
- The MITRE Corporation
Aliases
DNS
Platforms
windows macos linux Network Devices ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | command-and-control |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (34)
-
OP-512 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Silver Dragon relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Starry Addax relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TA-ShadowCricket relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TeamTNT relatedThe MITRE Corporation Confidence 100
[TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Tropic Trooper](https://attack.mitre.org/groups/G0081) is an unaffiliated threat group that has led targeted campaigns against targets in Taiwan, the Philippines, and Hong Kong. [Tropic Trooper](https://attack.mitre.org/groups/G0081) focuses on targeting government, healthcare,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
UAT-8302 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UNC5221 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UNK_DeadDrop relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
WageMole relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (81)
-
FlexStarling usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ROKRAT - S0240 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
POWRUNER usesFamily The MITRE Corporation Confidence 100
[POWRUNER](https://attack.mitre.org/software/S0184) is a PowerShell script that sends and receives commands to and from the C2 server. (Citation: FireEye APT34 Dec 2017)
First seen 01/01/1970 · Last seen 16/11/5138 · -
EchoGather usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Maggie usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GhostKit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SilentCryptoMiner usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Hopanet usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
rtk-logger usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
VBShower - S0442 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Denis usesFamily The MITRE Corporation Confidence 100
[Denis](https://attack.mitre.org/software/S0354) is a Windows backdoor and Trojan used by [APT32](https://attack.mitre.org/groups/G0050). [Denis](https://attack.mitre.org/software/S0354) shares several similarities to the [SOUNDBITE](https://attack.mitre.org/software/S0157) backdoor and has been used in conjunction with the [Goopy](https://attack.mitre.org/software/S0477) backdoor.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
GhostSocks usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (41)
-
1 CVE 7 MITREs 1 Malware 5 Observables 1 APT
-
12 MITREs 1 Malware 2 Observables
-
9 MITREs 1 Malware 10 Observables
-
11 MITREs 1 Malware 3 Observables
-
7 MITREs 17 Observables
-
9 MITREs 2 Malwares 2 Observables 1 APT
-
14 MITREs 2 Malwares 3 Observables 1 APT
-
11 MITREs 2 Malwares 18 Observables 1 APT
-
18 MITREs 12 Observables 1 APT
-
9 MITREs 4 Malwares
-
19 MITREs 4 Malwares 29 Observables 1 APT
-
11 MITREs 3 Malwares 16 Observables 1 APT
Vulnerabilities (CVE) (51)
When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes …
- Attack vector
- NETWORK
- Published
- 03/11/2025
- Modified
- 07/02/2026
When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance …
- Attack vector
- Network
- Published
- 15/10/2025
- Modified
- 04/02/2026
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
- Attack vector
- Network
- Published
- 15/02/2024
- Modified
- 21/12/2025
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) …
- Attack vector
- NETWORK
- Published
- 05/01/2026
- Modified
- 19/03/2026
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware …
- Attack vector
- Network
- Published
- 20/07/2025
- Modified
- 21/12/2025
When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing …
- Attack vector
- NETWORK
- Published
- 21/07/2025
- Modified
- 21/12/2025
When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
Course Of Action (1)
-
Filter Network Traffic mitigates
Campaign (1)
-
Cutting Edge uses