T1489: T1489
Essential information
- MITRE technique ID
T1489- Confidence
- 100/100
- Revoked
- No
- Published
- 29/03/2019 20:00
- Modified
- 27/03/2026 01:08
- Author / Source
- The MITRE Corporation
Aliases
Service Stop
Platforms
windows macos linux IaaS ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | impact |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (62)
-
Hummer relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
INC relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Indrik Spider](https://attack.mitre.org/groups/G0119) is a Russia-based cybercriminal group that has been active since at least 2014. [Indrik Spider](https://attack.mitre.org/groups/G0119) initially started with the [Dridex](https://attack.mitre.org/software/S0384) banking Trojan, and then by 2017…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Interlock Ransomware relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
KAWA4096 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Key Group relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Killnet relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Kraken relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Kyber relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
LockBit relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Mallox relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Medusa Group relatedThe MITRE Corporation Confidence 100
[Medusa Group](https://attack.mitre.org/groups/G1051) has been active since at least 2021 and was initially operated as a closed ransomware group before evolving into a Ransomware-as-a-Service (RaaS) operation. Some reporting indicates…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (73)
-
Monster usesFamily
-
PsExec usesFamily
-
FIVEHANDS - S0618 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Embargo usesFamily The MITRE Corporation Confidence 100
[Embargo](https://attack.mitre.org/software/S1247) is a ransomware variant written in Rust that has been active since at least May 2024.(Citation: Cyble Embargo Ransomware May 2024)(Citation: ESET Embargo Ransomware October 2024) [Embargo](https://attack.mitre.org/software/S1247)…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Akira _v2 uses
-
DRYHOOK usesFamily
-
Phobos usesFamily
-
Xorddos usesFamily
-
AcidPour uses
-
SLOTHFULMEDIA uses
-
TesseractStealer usesFamily
-
Dota usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
AlienVault Confidence 100 15 MITREs 1 Malware 8 IOCs 8 Observables
-
AlienVault Confidence 100 21 MITREs 1 Malware 8 IOCs 8 Observables 1 APT
-
19 MITREs 1 Malware 3 Observables 1 APT
-
19 MITREs 1 Malware
-
46 MITREs 6 Malwares 27 Observables 1 APT
-
1 CVE 18 MITREs 6 Malwares 5 Observables
-
2 CVEs 19 MITREs 2 Malwares 14 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 3 Malwares 2 IOCs 2 Observables 1 APT
-
13 CVEs 19 MITREs 2 Malwares 9 Observables
-
AlienVault Confidence 100 19 MITREs 4 Malwares 3 IOCs 3 Observables
-
16 MITREs 10 Malwares 1 Observable
-
14 MITREs 16 Malwares 15 Observables
Vulnerabilities (CVE) (64)
ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and …
- Attack vector
- Network
- Complexity
- Low
- Published
- 21/02/2024
- Modified
- 29/04/2026
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …
- Attack vector
- LOCAL
- Complexity
- High
- Published
- 04/07/2024
- Modified
- 08/04/2026
Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct …
- Attack vector
- Network
- Published
- 13/09/2023
- Modified
- 21/12/2025
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
- Published
- 20/12/2025
- Modified
- 21/12/2025
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing …
- Attack vector
- NETWORK
- Published
- 13/04/2024
- Modified
- 21/12/2025
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing …
- Attack vector
- Adjacent
- Complexity
- Low
- Published
- 24/02/2021
- Modified
- 03/06/2026
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on …
- Published
- 15/02/2024
- Modified
- 21/12/2025
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …
- Attack vector
- LOCAL
- Complexity
- Low
- Published
- 29/11/2024
- Modified
- 08/04/2026
Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control …
- Attack vector
- LOCAL
- Published
- 01/08/2025
- Modified
- 09/06/2026
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …
- Attack vector
- Local
- Published
- 03/11/2021
- Modified
- 27/05/2026
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
- Attack vector
- NETWORK
- Published
- 12/12/2024
- Modified
- 21/12/2025
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …
- Attack vector
- Network
- Published
- 08/01/2025
- Modified
- 21/12/2025
Course Of Action (2)
-
Out-of-Band Communications Channel mitigates
-
User Account Management mitigates