T1102.001: T1102.001
Essential information
- MITRE technique ID
T1102.001- Confidence
- 100/100
- Revoked
- No
- Published
- 16/12/2025 19:38
- Modified
- 15/04/2026 12:25
- Author / Source
- The MITRE Corporation
Aliases
Dead Drop Resolver
Platforms
windows macos linux ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | command-and-control |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (26)
-
Crazy Evil usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TA455 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Rocke usesThe MITRE Corporation Confidence 100
[Rocke](https://attack.mitre.org/groups/G0106) is an alleged Chinese-speaking adversary whose primary objective appeared to be cryptojacking, or stealing victim system resources for the purposes of mining cryptocurrency. The name [Rocke](https://attack.mitre.org/groups/G0106) comes…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed…
First seen 01/01/1970 · Last seen 16/11/5138 · -
CL-STA-1087 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Gamaredon usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Gootloader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
FreeDrain usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
LummaC2 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BlueDelta usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TA829 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (98)
-
ShadyHammock usesFamily
-
RUSTCLOAK usesFamily
-
Family
-
Mydoor usesFamily
-
AppleChris usesFamily
-
CloverPlus usesFamily
-
Tsundere Botnet usesFamily
-
Rugmi usesFamily
-
SlugResin usesFamily
-
Vidar usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Lumma Stealer usesFamily
-
SHub Reaper usesFamily
Reports (36)
-
AlienVault Confidence 100 19 MITREs 1 Malware 21 IOCs 21 Observables
-
AlienVault Confidence 100 17 MITREs 1 Malware 12 IOCs 12 Observables 1 APT
-
AlienVault Confidence 100 19 MITREs 2 Malwares 12 IOCs 12 Observables 1 APT
-
2 CVEs 19 MITREs 6 Malwares 4 Observables 1 APT
-
17 MITREs 3 Malwares 12 Observables
-
Threat landscape — Belgium relatedConfidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
-
17 MITREs 1 Observable 1 APT
-
AlienVault Confidence 100 19 MITREs 4 Malwares 8 IOCs 8 Observables
-
AlienVault Confidence 100 20 MITREs 1 Malware 13 IOCs 13 Observables
-
GachiLoader adopts AI skill lure related19 MITREs 2 Malwares 9 Observables
-
AlienVault Confidence 100 18 MITREs 3 IOCs 3 Observables 1 APT
-
20 MITREs 1 Malware 4 Observables 1 APT
Vulnerabilities (CVE) (7)
PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context …
- Attack vector
- Network
- Published
- 21/04/2023
- Modified
- 21/12/2025
A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to …
- Attack vector
- Network
- Published
- 14/08/2025
- Modified
- 27/05/2026
RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary …
- Attack vector
- Network
- Published
- 12/08/2025
- Modified
- 27/05/2026
Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a …
- Attack vector
- NETWORK
- Published
- 07/01/2026
- Modified
- 09/03/2026
WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution
- Published
- 15/02/2022
- Modified
- 02/06/2026
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured …
- Attack vector
- Network
- Published
- 26/08/2025
- Modified
- 27/05/2026
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass …
- Attack vector
- Network
- Complexity
- LOW
- Published
- 13/08/2024
- Modified
- 06/06/2026
Campaign (2)
-
C0017 uses
-
3CX Supply Chain Attack uses
Course Of Action (2)
-
Restrict Web-Based Content mitigates
-
Network Intrusion Prevention mitigates