T1204.001: T1204.001
Essential information
- MITRE technique ID
T1204.001- Confidence
- 100/100
- Revoked
- No
- Published
- 11/03/2020 15:43
- Modified
- 27/03/2026 01:12
- Author / Source
- The MITRE Corporation
Aliases
Malicious Link
Platforms
windows macos linux
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | execution |
Marking (TLP)
TLP:GREEN Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (62)
-
The MITRE Corporation Confidence 100
[BITTER](https://attack.mitre.org/groups/G1002) is a suspected South Asian cyber espionage threat group that has been active since at least 2013. [BITTER](https://attack.mitre.org/groups/G1002) has targeted government, energy, and engineering organizations in Pakistan,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[BlackTech](https://attack.mitre.org/groups/G0098) is a suspected Chinese cyber espionage group that has primarily targeted organizations in East Asia--particularly Taiwan, Japan, and Hong Kong--and the US since at least 2013. [BlackTech](https://attack.mitre.org/groups/G0098)…
First seen 01/01/1970 · Last seen 16/11/5138 · -
BlindEagle relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Chinese-Speaking Group relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Chinese-speaking threat group relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ClickFix relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Confucius](https://attack.mitre.org/groups/G0142) is a cyber espionage group that has primarily targeted military personnel, high-profile personalities, business persons, and government organizations in South Asia since at least 2013. Security researchers…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Contagious Interview](https://attack.mitre.org/groups/G1052) is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials.…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Coquettte relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Daggerfly](https://attack.mitre.org/groups/G1034) is a People's Republic of China-linked APT entity active since at least 2012. [Daggerfly](https://attack.mitre.org/groups/G1034) has targeted individuals, government and NGO entities, and telecommunication companies in Asia and…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Danabot relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DriveSurge relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (74)
-
Gophish usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
NotDoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AppleJeus usesFamily The MITRE Corporation Confidence 100
[AppleJeus](https://attack.mitre.org/software/S0584) is a family of downloaders initially discovered in 2018 embedded within trojanized cryptocurrency applications. [AppleJeus](https://attack.mitre.org/software/S0584) has been used by [Lazarus Group](https://attack.mitre.org/groups/G0032), targeting companies in the energy, finance,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
DESFY usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
HarborWatch Agent usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Twizt usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SUBTLE-PAWS usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BlotchyQuasar usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Hancitor usesFamily The MITRE Corporation Confidence 100
[Hancitor](https://attack.mitre.org/software/S0499) is a downloader that has been used by [Pony](https://attack.mitre.org/software/S0453) and other information stealing malware.(Citation: Threatpost Hancitor)(Citation: FireEye Hancitor)
First seen 01/01/1970 · Last seen 16/11/5138 · -
Emotet usesFamily The MITRE Corporation Confidence 100
[Emotet](https://attack.mitre.org/software/S0367) is a modular malware variant which is primarily used as a downloader for other malware variants such as [TrickBot](https://attack.mitre.org/software/S0266) and [IcedID](https://attack.mitre.org/software/S0483). Emotet first emerged in June 2014,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Saint Bot usesFamily The MITRE Corporation Confidence 100
[Saint Bot](https://attack.mitre.org/software/S1018) is a .NET downloader that has been used by [Saint Bear](https://attack.mitre.org/groups/G1031) since at least March 2021.(Citation: Malwarebytes Saint Bot April 2021)(Citation: Palo Alto Unit 42 OutSteel…
First seen 01/01/1970 · Last seen 16/11/5138 · -
ShadowPad - S0596 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
AlienVault Confidence 100 20 MITREs 24 IOCs 24 Observables
-
AlienVault Confidence 100 18 MITREs 8 IOCs 5 Observables
-
AlienVault Confidence 100 20 MITREs 2 Malwares 9 IOCs 2 Observables
-
AlienVault Confidence 100 16 MITREs 11 IOCs 11 Observables
-
AlienVault Confidence 100 20 MITREs 5 Malwares 27 IOCs 27 Observables
-
AlienVault Confidence 100 20 MITREs 3 Malwares 28 IOCs 8 Observables
-
"Ghost" Code Phishing Analysis relatedAlienVault Confidence 100 20 MITREs 1 Malware
-
AlienVault Confidence 100 20 MITREs 6 IOCs 3 Observables
-
AlienVault Confidence 100 18 MITREs 5 Malwares 3 IOCs 3 Observables 1 APT
-
AlienVault Confidence 100 14 MITREs 1 Malware 4 IOCs 1 APT
-
AlienVault Confidence 100 28 MITREs 5 IOCs 5 Observables
-
AlienVault Confidence 100 20 MITREs 13 IOCs 13 Observables
Vulnerabilities (CVE) (44)
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and …
- Attack vector
- Network
- Complexity
- LOW
- Published
- 30/07/2025
- Modified
- 02/07/2026
Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that …
- Attack vector
- Local
- EPSS
- 0.0001 (P0.6%)
- Published
- 12/02/2026
- Modified
- 18/03/2026
Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted …
- Published
- 08/06/2022
- Modified
- 21/12/2025
Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML …
- Published
- 03/11/2021
- Modified
- 21/12/2025
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code …
- Published
- 03/11/2021
- Modified
- 27/05/2026
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes …
- Attack vector
- NETWORK
- Published
- 03/11/2025
- Modified
- 07/02/2026
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 27/10/2017
- Modified
- 22/04/2026
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of …
- Attack vector
- ADJACENT_NETWORK
- Published
- 17/12/2023
- Modified
- 06/03/2026
Campaign (1)
-
Water Curupira Pikabot Distribution uses
Course Of Action (1)
-
Network Intrusion Prevention mitigates