T1071.004: T1071.004
Essential information
- MITRE technique ID
T1071.004- Confidence
- 100/100
- Revoked
- No
- Published
- 15/03/2020 17:27
- Modified
- 27/03/2026 01:08
- Author / Source
- The MITRE Corporation
Aliases
DNS
Platforms
windows macos linux Network Devices ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | command-and-control |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (35)
-
The MITRE Corporation Confidence 100
[Contagious Interview](https://attack.mitre.org/groups/G1052) is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials.…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Saint Bear](https://attack.mitre.org/groups/G1031) is a Russian-nexus threat actor active since early 2021, primarily targeting entities in Ukraine and Georgia. The group is notable for a specific remote access tool,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
MatanBuchus usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Cobalt Group](https://attack.mitre.org/groups/G0080) is a financially motivated threat group that has primarily targeted financial institutions since at least 2016. The group has conducted intrusions to steal money via targeting…
First seen 01/01/1970 · Last seen 16/11/5138 · -
UNC4487 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
ITG05 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Storm-2603 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Earth Estries usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (80)
-
VBCloud usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
CloudAtlas usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BRICKSTORM usesAlienVault Confidence 100
[BRICKSTORM](https://attack.mitre.org/software/S9015) is a cross-platform backdoor with variants written in Go and Rust that facilitates command and control, the ingress transfer of other malware, and the exfiltration of data.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Dohdoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DarkGate usesFamily The MITRE Corporation Confidence 100
[DarkGate](https://attack.mitre.org/software/S1111) first emerged in 2018 and has evolved into an initial access and data gathering tool associated with various criminal cyber operations. Written in Delphi and named "DarkGate"…
First seen 01/01/1970 · Last seen 16/11/5138 · -
KaynLdr usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SweetPotato usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Sqldoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AdaptixC2 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
InvisiMole usesFamily The MITRE Corporation Confidence 100
[InvisiMole](https://attack.mitre.org/software/S0260) is a modular spyware program that has been used by the InvisiMole Group since at least 2013. [InvisiMole](https://attack.mitre.org/software/S0260) has two backdoor modules called RC2FM and RC2CL that…
First seen 01/01/1970 · Last seen 16/11/5138 · -
HERV Phishing Kit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Helminth usesFamily The MITRE Corporation Confidence 100
[Helminth](https://attack.mitre.org/software/S0170) is a backdoor that has at least two variants - one written in VBScript and PowerShell that is delivered via a macros in Excel spreadsheets, and one…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (48)
-
AlienVault Confidence 100 19 MITREs 2 Malwares 13 IOCs 4 Observables 1 APT
-
AlienVault Confidence 100 23 MITREs 3 Malwares 7 IOCs 1 Observable
-
AlienVault Confidence 100 25 CVEs 21 MITREs 7 Malwares 30 IOCs 10 Observables
-
AlienVault Confidence 100 23 MITREs 1 Malware 7 IOCs 5 Observables
-
AlienVault Confidence 100 21 MITREs 2 Malwares
-
AlienVault Confidence 100 18 MITREs 8 IOCs 5 Observables
-
AlienVault Confidence 100 16 MITREs 1 Malware 2 IOCs 2 Observables
-
AlienVault Confidence 100 20 MITREs 6 IOCs 3 Observables
-
AlienVault Confidence 100 20 MITREs 2 Malwares 29 IOCs 20 Observables 1 APT
-
AlienVault Confidence 100 8 MITREs 5 Malwares 200 IOCs 200 Observables
-
AlienVault Confidence 100 20 MITREs 13 IOCs 13 Observables
-
AlienVault Confidence 100 18 MITREs 3 Malwares 8 IOCs 8 Observables 1 APT
Vulnerabilities (CVE) (76)
Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 11/03/2017
- Modified
- 22/04/2026
When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
Eval injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the …
- EPSS
- 0.0805 (P92.1%)
- Published
- 29/10/2007
- Modified
- 15/07/2026
Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
- Published
- 28/03/2022
- Modified
- 21/12/2025
PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context …
- Attack vector
- Network
- Published
- 21/04/2023
- Modified
- 21/12/2025
When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/04/2017
- Modified
- 22/04/2026
setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.
- Published
- 25/03/2022
- Modified
- 15/07/2026
An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on …
- Published
- 24/06/2025
- Modified
- 20/03/2026
When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in …
- Attack vector
- NETWORK
- Published
- 15/10/2025
- Modified
- 21/12/2025
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters …
- Attack vector
- NETWORK
- Published
- 11/06/2019
- Modified
- 15/07/2026
Course Of Action (1)
-
Filter Network Traffic mitigates
Campaign (1)
-
Cutting Edge uses