T1562.004: T1562.004
Essential information
- MITRE technique ID
T1562.004- Confidence
- 100/100
- Revoked
- No
- Published
- 21/02/2020 22:00
- Modified
- 27/03/2026 01:09
- Author / Source
- The MITRE Corporation
Aliases
Disable or Modify System Firewall
Platforms
windows macos linux Network Devices ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (39)
-
Velvet Ant relatedThe MITRE Corporation Confidence 100
[Velvet Ant](https://attack.mitre.org/groups/G1047) is a threat actor operating since at least 2021. [Velvet Ant](https://attack.mitre.org/groups/G1047) is associated with complex persistence mechanisms, the targeting of network devices and appliances during operations,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
VoidLink relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Water Curse relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (79)
-
Shai-Hulud V2 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
sysinitd usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
VLTRig usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RONINGLOADER usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Donut usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Carbanak - S0030 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Raccoon Stealer usesFamily The MITRE Corporation Confidence 100
[Raccoon Stealer](https://attack.mitre.org/software/S1148) is an information stealer malware family active since at least 2019 as a malware-as-a-service offering sold in underground forums. [Raccoon Stealer](https://attack.mitre.org/software/S1148) has experienced two periods of…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Brave Prince - S0252 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DRYHOOK usesAlienVault Confidence 100
[DRYHOOK](https://attack.mitre.org/software/S9013) is Python script used to steal credentials. [DRYHOOK](https://attack.mitre.org/software/S9013) was first reported in January 2025, and has previously been leveraged by People's Republic of China (PRC) state-affiliated threat…
First seen 01/01/1970 · Last seen 16/11/5138 · -
PoshC2 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GHOSTBLADE usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (39)
-
AlienVault Confidence 100 6 CVEs 20 MITREs 5 Malwares 81 IOCs 4 Observables 1 APT
-
1 CVE 18 MITREs 2 Malwares 8 Observables
-
19 MITREs 3 Malwares 10 Observables 1 APT
-
46 MITREs 6 Malwares 27 Observables 1 APT
-
6 CVEs 19 MITREs 3 Malwares 4 Observables
-
6 MITREs 1 Malware 2 Observables
-
9 MITREs 3 Malwares 10 Observables 1 APT
-
3 CVEs 16 MITREs 5 Observables
-
14 MITREs 1 Malware 2 Observables
-
26 MITREs 11 Observables
-
8 MITREs 1 Malware 9 Observables 1 APT
-
12 MITREs 4 Observables 1 APT
Vulnerabilities (CVE) (42)
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …
- Attack vector
- Network
- Published
- 10/01/2024
- Modified
- 27/05/2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …
- Attack vector
- Network
- Published
- 05/12/2025
- Modified
- 29/05/2026
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, …
- Attack vector
- Local
- Complexity
- Low
- Published
- 30/05/2025
- Modified
- 02/04/2026
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of …
- Attack vector
- NETWORK
- Published
- 08/07/2024
- Modified
- 21/12/2025
Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.
- Attack vector
- Network
- Published
- 24/01/2024
- Modified
- 21/12/2025
Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of …
- Attack vector
- Network
- Published
- 12/12/2025
- Modified
- 18/03/2026
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, …
- Attack vector
- NETWORK
- Published
- 28/01/2026
- Modified
- 09/02/2026
Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions …
- Attack vector
- NETWORK
- Published
- 23/08/2022
- Modified
- 21/12/2025
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 …
- Attack vector
- NETWORK
- Published
- 20/01/2023
- Modified
- 09/07/2026
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/12/2025
- Modified
- 04/04/2026
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing …
- Attack vector
- NETWORK
- Published
- 13/04/2024
- Modified
- 21/12/2025
Campaign (2)
-
SolarWinds Compromise uses
-
APT28 Nearest Neighbor Campaign uses
Course Of Action (2)
-
Restrict File and Directory Permissions mitigates
-
User Account Management mitigates