T1204.001: T1204.001
Essential information
- MITRE technique ID
T1204.001- Confidence
- 100/100
- Revoked
- No
- Published
- 11/03/2020 15:43
- Modified
- 27/03/2026 01:12
- Author / Source
- The MITRE Corporation
Aliases
Malicious Link
Platforms
windows macos linux
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | execution |
Marking (TLP)
TLP:GREEN Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (62)
-
The MITRE Corporation Confidence 100
[BITTER](https://attack.mitre.org/groups/G1002) is a suspected South Asian cyber espionage threat group that has been active since at least 2013. [BITTER](https://attack.mitre.org/groups/G1002) has targeted government, energy, and engineering organizations in Pakistan,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[BlackTech](https://attack.mitre.org/groups/G0098) is a suspected Chinese cyber espionage group that has primarily targeted organizations in East Asia--particularly Taiwan, Japan, and Hong Kong--and the US since at least 2013. [BlackTech](https://attack.mitre.org/groups/G0098)…
First seen 01/01/1970 · Last seen 16/11/5138 · -
BlindEagle relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Chinese-Speaking Group relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Chinese-speaking threat group relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ClickFix relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Confucius](https://attack.mitre.org/groups/G0142) is a cyber espionage group that has primarily targeted military personnel, high-profile personalities, business persons, and government organizations in South Asia since at least 2013. Security researchers…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Contagious Interview](https://attack.mitre.org/groups/G1052) is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials.…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Coquettte relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Daggerfly](https://attack.mitre.org/groups/G1034) is a People's Republic of China-linked APT entity active since at least 2012. [Daggerfly](https://attack.mitre.org/groups/G1034) has targeted individuals, government and NGO entities, and telecommunication companies in Asia and…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Danabot relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DriveSurge relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (74)
-
Penguish usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
PeckBirdy usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TSCookie usesFamily The MITRE Corporation Confidence 100
[TSCookie](https://attack.mitre.org/software/S0436) is a remote access tool (RAT) that has been used by [BlackTech](https://attack.mitre.org/groups/G0098) in campaigns against Japanese targets.(Citation: JPCert TSCookie March 2018)(Citation: JPCert BlackTech Malware September 2019). [TSCookie](https://attack.mitre.org/software/S0436)…
First seen 01/01/1970 · Last seen 16/11/5138 · -
PowerNet usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Dridex - S0384 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Tropidoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GammaSteal usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DISGOMOJI usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Pony usesFamily The MITRE Corporation Confidence 100
[Pony](https://attack.mitre.org/software/S0453) is a credential stealing malware, though has also been used among adversaries for its downloader capabilities. The source code for Pony Loader 1.0 and 2.0 were leaked…
First seen 01/01/1970 · Last seen 16/11/5138 · -
HTTPSnoop usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Reverse RAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
AlienVault Confidence 100 20 MITREs 24 IOCs 24 Observables
-
AlienVault Confidence 100 18 MITREs 8 IOCs 5 Observables
-
AlienVault Confidence 100 20 MITREs 2 Malwares 9 IOCs 2 Observables
-
AlienVault Confidence 100 16 MITREs 11 IOCs 11 Observables
-
AlienVault Confidence 100 20 MITREs 5 Malwares 27 IOCs 27 Observables
-
AlienVault Confidence 100 20 MITREs 3 Malwares 28 IOCs 8 Observables
-
"Ghost" Code Phishing Analysis relatedAlienVault Confidence 100 20 MITREs 1 Malware
-
AlienVault Confidence 100 20 MITREs 6 IOCs 3 Observables
-
AlienVault Confidence 100 18 MITREs 5 Malwares 3 IOCs 3 Observables 1 APT
-
AlienVault Confidence 100 14 MITREs 1 Malware 4 IOCs 1 APT
-
AlienVault Confidence 100 28 MITREs 5 IOCs 5 Observables
-
AlienVault Confidence 100 20 MITREs 13 IOCs 13 Observables
Vulnerabilities (CVE) (44)
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and …
- Attack vector
- Network
- Complexity
- LOW
- Published
- 30/07/2025
- Modified
- 02/07/2026
Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that …
- Attack vector
- Local
- EPSS
- 0.0001 (P0.6%)
- Published
- 12/02/2026
- Modified
- 18/03/2026
Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted …
- Published
- 08/06/2022
- Modified
- 21/12/2025
Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML …
- Published
- 03/11/2021
- Modified
- 21/12/2025
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code …
- Published
- 03/11/2021
- Modified
- 27/05/2026
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes …
- Attack vector
- NETWORK
- Published
- 03/11/2025
- Modified
- 07/02/2026
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 27/10/2017
- Modified
- 22/04/2026
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of …
- Attack vector
- ADJACENT_NETWORK
- Published
- 17/12/2023
- Modified
- 06/03/2026
Campaign (1)
-
Water Curupira Pikabot Distribution uses
Course Of Action (1)
-
Network Intrusion Prevention mitigates