T1071.004: T1071.004
Essential information
- MITRE technique ID
T1071.004- Confidence
- 100/100
- Revoked
- No
- Published
- 15/03/2020 17:27
- Modified
- 27/03/2026 01:08
- Author / Source
- The MITRE Corporation
Aliases
DNS
Platforms
windows macos linux Network Devices ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | command-and-control |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (34)
-
OP-512 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Silver Dragon relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Starry Addax relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TA-ShadowCricket relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TeamTNT relatedThe MITRE Corporation Confidence 100
[TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Tropic Trooper](https://attack.mitre.org/groups/G0081) is an unaffiliated threat group that has led targeted campaigns against targets in Taiwan, the Philippines, and Hong Kong. [Tropic Trooper](https://attack.mitre.org/groups/G0081) focuses on targeting government, healthcare,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
UAT-8302 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UNC5221 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UNK_DeadDrop relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
WageMole relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (81)
-
FlexStarling usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ROKRAT - S0240 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
POWRUNER usesFamily The MITRE Corporation Confidence 100
[POWRUNER](https://attack.mitre.org/software/S0184) is a PowerShell script that sends and receives commands to and from the C2 server. (Citation: FireEye APT34 Dec 2017)
First seen 01/01/1970 · Last seen 16/11/5138 · -
EchoGather usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Maggie usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GhostKit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SilentCryptoMiner usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Hopanet usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
rtk-logger usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
VBShower - S0442 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Denis usesFamily The MITRE Corporation Confidence 100
[Denis](https://attack.mitre.org/software/S0354) is a Windows backdoor and Trojan used by [APT32](https://attack.mitre.org/groups/G0050). [Denis](https://attack.mitre.org/software/S0354) shares several similarities to the [SOUNDBITE](https://attack.mitre.org/software/S0157) backdoor and has been used in conjunction with the [Goopy](https://attack.mitre.org/software/S0477) backdoor.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
GhostSocks usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (41)
-
AlienVault Confidence 100 20 MITREs 6 IOCs 3 Observables
-
AlienVault Confidence 100 20 MITREs 2 Malwares 29 IOCs 20 Observables 1 APT
-
AlienVault Confidence 100 8 MITREs 5 Malwares 200 IOCs 200 Observables
-
AlienVault Confidence 100 20 MITREs 13 IOCs 13 Observables
-
AlienVault Confidence 100 18 MITREs 3 Malwares 8 IOCs 8 Observables 1 APT
-
20 MITREs 4 Malwares 18 Observables 1 APT
-
AlienVault Confidence 100 19 MITREs 11 Malwares 7 IOCs 7 Observables 1 APT
-
30 MITREs 1 Malware 3 Observables
-
AlienVault Confidence 100 21 MITREs 2 Malwares 7 IOCs 7 Observables
-
1 CVE 21 MITREs 24 Malwares 5 Observables 1 APT
-
3 CVEs 20 MITREs 1 Malware 25 Observables
-
AlienVault Confidence 100 20 MITREs 1 Malware 10 IOCs 10 Observables
Vulnerabilities (CVE) (51)
Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow …
- Attack vector
- Network
- Published
- 22/07/2025
- Modified
- 21/12/2025
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. …
- Attack vector
- Network
- Published
- 06/10/2025
- Modified
- 21/12/2025
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A …
- Attack vector
- LOCAL
- Published
- 15/10/2025
- Modified
- 21/12/2025
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
- Published
- 03/11/2021
- Modified
- 20/12/2025
When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
Microsoft Outlook Information Disclosure Vulnerability
- Attack vector
- NETWORK
- Published
- 12/12/2023
- Modified
- 21/12/2025
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a …
- Attack vector
- Network
- Complexity
- Low
- Published
- 03/10/2025
- Modified
- 21/05/2026
When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath …
- Attack vector
- Network
- Published
- 15/07/2024
- Modified
- 21/12/2025
Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 11/03/2017
- Modified
- 22/04/2026
When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
- Published
- 28/03/2022
- Modified
- 21/12/2025
Course Of Action (1)
-
Filter Network Traffic mitigates
Campaign (1)
-
Cutting Edge uses