T1562.004: T1562.004
Essential information
- MITRE technique ID
T1562.004- Confidence
- 100/100
- Revoked
- No
- Published
- 21/02/2020 22:00
- Modified
- 27/03/2026 01:09
- Author / Source
- The MITRE Corporation
Aliases
Disable or Modify System Firewall
Platforms
windows macos linux Network Devices ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (39)
-
Velvet Ant relatedThe MITRE Corporation Confidence 100
[Velvet Ant](https://attack.mitre.org/groups/G1047) is a threat actor operating since at least 2021. [Velvet Ant](https://attack.mitre.org/groups/G1047) is associated with complex persistence mechanisms, the targeting of network devices and appliances during operations,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
VoidLink relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Water Curse relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (79)
-
Stealc usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ApolloShadow usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Remcos usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
hero.exe usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Carbanak usesFamily The MITRE Corporation Confidence 100
[Carbanak](https://attack.mitre.org/software/S0030) is a full-featured, remote backdoor used by a group of the same name ([Carbanak](https://attack.mitre.org/groups/G0008)). It is intended for espionage, data exfiltration, and providing remote access to infected…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Remsec usesFamily The MITRE Corporation Confidence 100
[Remsec](https://attack.mitre.org/software/S0125) is a modular backdoor that has been used by [Strider](https://attack.mitre.org/groups/G0041) and appears to have been designed primarily for espionage purposes. Many of its modules are written in…
First seen 01/01/1970 · Last seen 16/11/5138 · -
BlackCat - S1068 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Aisuru usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DeadLock usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Hannotog usesFamily The MITRE Corporation Confidence 100
[Hannotog](https://attack.mitre.org/software/S1211) is a type of backdoor malware uniquely assoicated with [Lotus Blossom](https://attack.mitre.org/groups/G0030) operations since at least 2022.(Citation: Symantec Bilbug 2022)
First seen 01/01/1970 · Last seen 16/11/5138 · -
Thoper usesThe MITRE Corporation Confidence 100
[PlugX](https://attack.mitre.org/software/S0013) is a remote access tool (RAT) with modular plugins that has been used by multiple threat groups.(Citation: Lastline PlugX Analysis)(Citation: FireEye Clandestine Fox Part 2)(Citation: New DragonOK)(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
EDR killer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (39)
-
AlienVault Confidence 100 6 CVEs 20 MITREs 5 Malwares 81 IOCs 4 Observables 1 APT
-
1 CVE 18 MITREs 2 Malwares 8 Observables
-
19 MITREs 3 Malwares 10 Observables 1 APT
-
46 MITREs 6 Malwares 27 Observables 1 APT
-
6 CVEs 19 MITREs 3 Malwares 4 Observables
-
6 MITREs 1 Malware 2 Observables
-
9 MITREs 3 Malwares 10 Observables 1 APT
-
3 CVEs 16 MITREs 5 Observables
-
14 MITREs 1 Malware 2 Observables
-
26 MITREs 11 Observables
-
8 MITREs 1 Malware 9 Observables 1 APT
-
12 MITREs 4 Observables 1 APT
Vulnerabilities (CVE) (42)
- Published
- 20/12/2025
- Modified
- 21/12/2025
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 …
- Attack vector
- NETWORK
- Published
- 20/01/2023
- Modified
- 09/07/2026
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path …
- Published
- 20/12/2017
- Modified
- 13/05/2026
Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation …
- Published
- 03/11/2021
- Modified
- 20/12/2025
Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that …
- Attack vector
- Local
- EPSS
- 0.0001 (P0.6%)
- Published
- 12/02/2026
- Modified
- 18/03/2026
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …
- Attack vector
- LOCAL
- Published
- 09/01/2025
- Modified
- 21/12/2025
Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute …
- Attack vector
- Network
- Published
- 31/05/2023
- Modified
- 21/12/2025
An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your …
- Attack vector
- NETWORK
- Published
- 11/02/2025
- Modified
- 21/12/2025
Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an …
- Attack vector
- Network
- Published
- 07/11/2023
- Modified
- 21/12/2025
Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled …
- Attack vector
- Network
- Published
- 12/05/2023
- Modified
- 21/12/2025
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 17/03/2017
- Modified
- 22/04/2026
- Published
- 09/07/2026
Campaign (2)
-
SolarWinds Compromise uses
-
APT28 Nearest Neighbor Campaign uses
Course Of Action (2)
-
Restrict File and Directory Permissions mitigates
-
User Account Management mitigates