T1071.004: T1071.004
Essential information
- MITRE technique ID
T1071.004- Confidence
- 100/100
- Revoked
- No
- Published
- 15/03/2020 17:27
- Modified
- 27/03/2026 01:08
- Author / Source
- The MITRE Corporation
Aliases
DNS
Platforms
windows macos linux Network Devices ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | command-and-control |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (34)
-
OP-512 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Silver Dragon relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Starry Addax relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TA-ShadowCricket relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TeamTNT relatedThe MITRE Corporation Confidence 100
[TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Tropic Trooper](https://attack.mitre.org/groups/G0081) is an unaffiliated threat group that has led targeted campaigns against targets in Taiwan, the Philippines, and Hong Kong. [Tropic Trooper](https://attack.mitre.org/groups/G0081) focuses on targeting government, healthcare,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
UAT-8302 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UNC5221 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UNK_DeadDrop relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
WageMole relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (81)
-
VBCloud usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CloudAtlas usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BRICKSTORM usesAlienVault Confidence 100
[BRICKSTORM](https://attack.mitre.org/software/S9015) is a cross-platform backdoor with variants written in Go and Rust that facilitates command and control, the ingress transfer of other malware, and the exfiltration of data.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Dohdoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DarkGate usesFamily The MITRE Corporation Confidence 100
[DarkGate](https://attack.mitre.org/software/S1111) first emerged in 2018 and has evolved into an initial access and data gathering tool associated with various criminal cyber operations. Written in Delphi and named "DarkGate"…
First seen 01/01/1970 · Last seen 16/11/5138 · -
KaynLdr usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SweetPotato usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Sqldoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AdaptixC2 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
InvisiMole usesFamily The MITRE Corporation Confidence 100
[InvisiMole](https://attack.mitre.org/software/S0260) is a modular spyware program that has been used by the InvisiMole Group since at least 2013. [InvisiMole](https://attack.mitre.org/software/S0260) has two backdoor modules called RC2FM and RC2CL that…
First seen 01/01/1970 · Last seen 16/11/5138 · -
HERV Phishing Kit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Helminth usesFamily The MITRE Corporation Confidence 100
[Helminth](https://attack.mitre.org/software/S0170) is a backdoor that has at least two variants - one written in VBScript and PowerShell that is delivered via a macros in Excel spreadsheets, and one…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (41)
-
1 CVE 7 MITREs 1 Malware 5 Observables 1 APT
-
12 MITREs 1 Malware 2 Observables
-
9 MITREs 1 Malware 10 Observables
-
11 MITREs 1 Malware 3 Observables
-
7 MITREs 17 Observables
-
9 MITREs 2 Malwares 2 Observables 1 APT
-
14 MITREs 2 Malwares 3 Observables 1 APT
-
11 MITREs 2 Malwares 18 Observables 1 APT
-
18 MITREs 12 Observables 1 APT
-
9 MITREs 4 Malwares
-
19 MITREs 4 Malwares 29 Observables 1 APT
-
11 MITREs 3 Malwares 16 Observables 1 APT
Vulnerabilities (CVE) (51)
Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow …
- Attack vector
- Network
- Published
- 22/07/2025
- Modified
- 21/12/2025
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. …
- Attack vector
- Network
- Published
- 06/10/2025
- Modified
- 21/12/2025
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A …
- Attack vector
- LOCAL
- Published
- 15/10/2025
- Modified
- 21/12/2025
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
- Published
- 03/11/2021
- Modified
- 20/12/2025
When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
Microsoft Outlook Information Disclosure Vulnerability
- Attack vector
- NETWORK
- Published
- 12/12/2023
- Modified
- 21/12/2025
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a …
- Attack vector
- Network
- Complexity
- Low
- Published
- 03/10/2025
- Modified
- 21/05/2026
When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath …
- Attack vector
- Network
- Published
- 15/07/2024
- Modified
- 21/12/2025
Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 11/03/2017
- Modified
- 22/04/2026
When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
- Published
- 28/03/2022
- Modified
- 21/12/2025
Course Of Action (1)
-
Filter Network Traffic mitigates
Campaign (1)
-
Cutting Edge uses