T1102.002: T1102.002
Essential information
- MITRE technique ID
T1102.002- Confidence
- 100/100
- Revoked
- No
- Published
- 14/03/2020 23:34
- Modified
- 27/03/2026 01:11
- Author / Source
- The MITRE Corporation
Aliases
Bidirectional Communication
Platforms
windows macos linux ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | command-and-control |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (59)
-
GrayAlpha usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
IPIDEA usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
APT-C-26 (Lazarus) usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Turla](https://attack.mitre.org/groups/G0010) is a cyber espionage threat group that has been attributed to Russia's Federal Security Service (FSB). They have compromised victims in over 50 countries since at least…
First seen 01/01/1970 · Last seen 16/11/5138 · -
UAC-0001 (APT28) usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UAC-0057 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Amatera Stealer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GhostClaw usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TAG-100 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Banana Squad usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SVF Team usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (81)
-
Nymeria usesFamily
-
Bluetrait usesFamily
-
BAT.DownLoader.1138 usesFamily
-
Quasar usesFamily
-
NetSupport RAT usesFamily
-
BADNEWS uses
-
softwareupdate.app usesFamily
-
BoxCaon uses
-
EfsPotato usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DOGCALL uses
-
MoonPeak usesFamily
-
GhostLoader usesFamily
Reports (50)
-
AlienVault Confidence 100 20 MITREs 2 Malwares 11 IOCs 7 Observables 1 APT
-
20 MITREs 19 Observables
-
AlienVault Confidence 100 19 MITREs 11 Malwares 7 IOCs 7 Observables 1 APT
-
19 MITREs 3 Malwares 32 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 1 Malware 7 IOCs 7 Observables
-
2 CVEs 19 MITREs 6 Malwares 4 Observables 1 APT
-
30 MITREs 1 Malware 3 Observables
-
Threat landscape — insurance relatedConfidence 100 199 MITREs 11 APTs
-
17 MITREs 1 Observable 1 APT
-
AlienVault Confidence 100 16 MITREs 1 Malware 10 IOCs 10 Observables 1 APT
-
AlienVault Confidence 100 15 MITREs 2 Malwares 5 IOCs 5 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 23 IOCs 23 Observables
Vulnerabilities (CVE) (44)
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code …
- Attack vector
- Network
- Published
- 28/07/2025
- Modified
- 21/12/2025
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, …
- Attack vector
- Network
- Published
- 19/05/2025
- Modified
- 21/12/2025
It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service …
- Published
- 12/12/2025
- Modified
- 12/12/2025
Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured …
- Attack vector
- Network
- Published
- 03/11/2021
- Modified
- 18/02/2026
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
- Published
- 20/12/2025
- Modified
- 21/12/2025
Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.
- Attack vector
- Network
- Published
- 24/10/2025
- Modified
- 21/12/2025
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …
- Attack vector
- Network
- Published
- 10/01/2024
- Modified
- 27/05/2026
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a …
- Attack vector
- NETWORK
- Published
- 01/08/2023
- Modified
- 21/12/2025
RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim …
- Attack vector
- Network
- Published
- 09/06/2025
- Modified
- 21/12/2025
Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an …
- Attack vector
- Network
- Published
- 03/03/2025
- Modified
- 21/12/2025
mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol …
- Published
- 10/02/2015
- Modified
- 07/05/2026
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including …
- Attack vector
- NETWORK
- Published
- 11/12/2025
- Modified
- 21/12/2025