T1471: Data Encrypted for Impact
Essential information
- MITRE technique ID
T1471- Confidence
- 100/100
- Revoked
- No
- Published
- 17/12/2025 22:48
- Modified
- 27/03/2026 01:41
- Author / Source
- The MITRE Corporation
Aliases
T1471
Platforms
android
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-mobile-attack | impact |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (20)
-
Daixin usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Trigona usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BlueSky usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Black Basta usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) is a financially motivated threat group active since at least 2018 that operates the [REvil](https://attack.mitre.org/software/S0496) Ransomware-as-a Service (RaaS). [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) provides backend infrastructure for affiliates recruited…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Monti usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Dark Power usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
The Akira ransomware group is said to have emerged in March 2023, and there's much speculation about its ties to the former CONTI ransomware group.<br> <br> It's worth…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Surtr usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RagnarLocker usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
medusa usesRansomware.Live Confidence 100
No description available
First seen 01/01/1970 · Last seen 16/11/5138 · -
Prestige usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (101)
Reports (1)
-
1 MITRE 1 Malware 1 Observable
Vulnerabilities (CVE) (6)
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
- Attack vector
- Network
- Published
- 10/12/2021
- Modified
- 27/05/2026
Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
- Published
- 03/11/2021
- Modified
- 20/12/2025
Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the …
- Published
- 03/11/2021
- Modified
- 29/05/2026
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An …
- Published
- 10/02/2022
- Modified
- 20/12/2025
Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 19/10/2017
- Modified
- 22/04/2026
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 04/02/2022
- Modified
- 20/12/2025
Tool (1)
-
Xbot usesThe MITRE Corporation Confidence 100
[Xbot](https://attack.mitre.org/software/S0298) is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia. (Citation: PaloAlto-Xbot)