T1562.004: T1562.004
Essential information
- MITRE technique ID
T1562.004- Confidence
- 100/100
- Revoked
- No
- Published
- 21/02/2020 22:00
- Modified
- 27/03/2026 01:09
- Author / Source
- The MITRE Corporation
Aliases
Disable or Modify System Firewall
Platforms
windows macos linux Network Devices ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (38)
-
VoidLink relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Water Curse relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (79)
-
Shai-Hulud V2 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
sysinitd usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
VLTRig usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RONINGLOADER usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Donut usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Carbanak - S0030 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Raccoon Stealer usesFamily The MITRE Corporation Confidence 100
[Raccoon Stealer](https://attack.mitre.org/software/S1148) is an information stealer malware family active since at least 2019 as a malware-as-a-service offering sold in underground forums. [Raccoon Stealer](https://attack.mitre.org/software/S1148) has experienced two periods of…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Brave Prince - S0252 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DRYHOOK usesAlienVault Confidence 100
[DRYHOOK](https://attack.mitre.org/software/S9013) is Python script used to steal credentials. [DRYHOOK](https://attack.mitre.org/software/S9013) was first reported in January 2025, and has previously been leveraged by People's Republic of China (PRC) state-affiliated threat…
First seen 01/01/1970 · Last seen 16/11/5138 · -
PoshC2 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GHOSTBLADE usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (38)
-
1 CVE 15 MITREs 1 Malware 5 Observables 1 APT
-
18 MITREs 2 Malwares 8 Observables
-
14 MITREs 1 Malware 3 Observables 1 APT
-
20 MITREs 1 Malware 6 Observables 1 APT
-
21 MITREs 4 Malwares 14 Observables 1 APT
-
9 CVEs 18 MITREs 2 Malwares 11 Observables 1 APT
-
9 MITREs 1 Malware 9 Observables 1 APT
-
16 MITREs 1 Malware 1 APT
-
12 MITREs 3 Malwares 2 Observables
-
NOVA: blast from the past related16 MITREs 2 Malwares 1 Observable
-
9 MITREs 2 Malwares 3 Observables
-
4 CVEs 10 MITREs 6 Malwares 7 Observables 1 APT
Vulnerabilities (CVE) (36)
Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that …
- Attack vector
- Local
- EPSS
- 0.0001 (P0.6%)
- Published
- 12/02/2026
- Modified
- 18/03/2026
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …
- Attack vector
- LOCAL
- Published
- 09/01/2025
- Modified
- 21/12/2025
Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute …
- Attack vector
- Network
- Published
- 31/05/2023
- Modified
- 21/12/2025
An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your …
- Attack vector
- NETWORK
- Published
- 11/02/2025
- Modified
- 21/12/2025
Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an …
- Attack vector
- Network
- Published
- 07/11/2023
- Modified
- 21/12/2025
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 17/03/2017
- Modified
- 22/04/2026
ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
- Published
- 03/11/2021
- Modified
- 21/12/2025
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated …
- Published
- 28/01/2026
- Modified
- 29/01/2026
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, …
- Attack vector
- NETWORK
- Published
- 28/01/2020
- Modified
- 21/12/2025
F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, …
- Published
- 10/05/2022
- Modified
- 20/12/2025
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS …
- Attack vector
- Local
- Complexity
- LOW
- Published
- 12/12/2025
- Modified
- 04/04/2026
- Published
- 20/12/2025
- Modified
- 21/12/2025
Campaign (2)
-
SolarWinds Compromise uses
-
APT28 Nearest Neighbor Campaign uses
Course Of Action (2)
-
Restrict File and Directory Permissions mitigates
-
User Account Management mitigates