T1562.004: T1562.004
Essential information
- MITRE technique ID
T1562.004- Confidence
- 100/100
- Revoked
- No
- Published
- 21/02/2020 22:00
- Modified
- 27/03/2026 01:09
- Author / Source
- The MITRE Corporation
Aliases
Disable or Modify System Firewall
Platforms
windows macos linux Network Devices ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | defense-evasion |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (39)
-
DragonBreath usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RansomHub usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AISURU usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Rocke usesThe MITRE Corporation Confidence 100
[Rocke](https://attack.mitre.org/groups/G0106) is an alleged Chinese-speaking adversary whose primary objective appeared to be cryptojacking, or stealing victim system resources for the purposes of mining cryptocurrency. The name [Rocke](https://attack.mitre.org/groups/G0106) comes…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Turla](https://attack.mitre.org/groups/G0010) is a cyber espionage threat group that has been attributed to Russia's Federal Security Service (FSB). They have compromised victims in over 50 countries since at least…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[FIN7](https://attack.mitre.org/groups/G0046) is a financially-motivated threat group that has been active since 2013. [FIN7](https://attack.mitre.org/groups/G0046) has targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Key Group usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Dragonfly](https://attack.mitre.org/groups/G0035) is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16.(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Scattered Spider](https://attack.mitre.org/groups/G1015) is a native English-speaking cybercriminal group active since at least 2022. (Citation: CrowdStrike Scattered Spider Profile) (Citation: MSTIC Octo Tempest Operations October 2023) The group initially…
First seen 01/01/1970 · Last seen 16/11/5138 · -
BERT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (79)
-
RansomHub usesThe MITRE Corporation Confidence 100
[RansomHub](https://attack.mitre.org/software/S1212) is a ransomware-as-a-service (RaaS) offering with Windows, ESXi, Linux, and FreeBSD versions that has been in use since at least 2024 to target organizations in multiple sectors…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Vidar Stealer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
QuasarRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
INC Ransomware usesFamily The MITRE Corporation Confidence 100
[INC Ransomware](https://attack.mitre.org/software/S1139) is a ransomware strain that has been used by the [INC Ransom](https://attack.mitre.org/groups/G1032) group since at least 2023 against multiple industry sectors worldwide. [INC Ransomware](https://attack.mitre.org/software/S1139) can employ…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AsyncRAT - S1087 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AnyDesk usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
PHASEJAM usesAlienVault Confidence 100
[PHASEJAM](https://attack.mitre.org/software/S9014) is a dropper written as a bash shell script that modifies Ivanti Connect Secure appliance components. [PHASEJAM](https://attack.mitre.org/software/S9014) was first reported in January 2025. [PHASEJAM](https://attack.mitre.org/software/S9014) has previously been…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Backdoor.JS.DULLRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Uphero.exe usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AVKiller usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Xorist usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Kasidet usesFamily The MITRE Corporation Confidence 100
[Kasidet](https://attack.mitre.org/software/S0088) is a backdoor that has been dropped by using malicious VBA macros. (Citation: Zscaler Kasidet)
First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (39)
-
1 CVE 14 MITREs 4 Malwares 46 Observables
-
1 CVE 15 MITREs 1 Malware 5 Observables 1 APT
-
18 MITREs 2 Malwares 8 Observables
-
14 MITREs 1 Malware 3 Observables 1 APT
-
20 MITREs 1 Malware 6 Observables 1 APT
-
21 MITREs 3 Malwares 14 Observables 1 APT
-
9 CVEs 18 MITREs 2 Malwares 11 Observables 1 APT
-
9 MITREs 1 Malware 9 Observables 1 APT
-
16 MITREs 1 Malware 1 APT
-
12 MITREs 3 Malwares 2 Observables
-
NOVA: blast from the past related16 MITREs 2 Malwares 1 Observable
-
9 MITREs 2 Malwares 3 Observables
Vulnerabilities (CVE) (42)
ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
- Published
- 03/11/2021
- Modified
- 21/12/2025
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated …
- Published
- 28/01/2026
- Modified
- 29/01/2026
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, …
- Attack vector
- NETWORK
- Published
- 28/01/2020
- Modified
- 21/12/2025
F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, …
- Published
- 10/05/2022
- Modified
- 20/12/2025
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS …
- Attack vector
- Local
- Complexity
- LOW
- Published
- 12/12/2025
- Modified
- 04/04/2026
- Published
- 20/12/2025
- Modified
- 21/12/2025
Campaign (2)
-
SolarWinds Compromise uses
-
APT28 Nearest Neighbor Campaign uses
Course Of Action (2)
-
Restrict File and Directory Permissions mitigates
-
User Account Management mitigates