T1573.001: T1573.001
Essential information
- MITRE technique ID
T1573.001- Confidence
- 100/100
- Revoked
- No
- Published
- 16/03/2020 16:45
- Modified
- 27/03/2026 01:08
- Author / Source
- The MITRE Corporation
Aliases
Symmetric Cryptography
Platforms
windows macos linux Network Devices ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | command-and-control |
Marking (TLP)
TLP:GREEN Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (57)
-
HoneyMyte usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[BITTER](https://attack.mitre.org/groups/G1002) is a suspected South Asian cyber espionage threat group that has been active since at least 2013. [BITTER](https://attack.mitre.org/groups/G1002) has targeted government, energy, and engineering organizations in Pakistan,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
UNC4034 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Lampion usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SloppyLemming usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Grandoreiro usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
OP-512 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
APT-C-26 (Lazarus) relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
APT-C-28 (ScarCruft) relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[ZIRCONIUM](https://attack.mitre.org/groups/G0128) is a threat group operating out of China, active since at least 2017, that has targeted individuals associated with the 2020 US presidential election and prominent leaders…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (79)
-
Hikit usesFamily The MITRE Corporation Confidence 100
[Hikit](https://attack.mitre.org/software/S0009) is malware that has been used by [Axiom](https://attack.mitre.org/groups/G0001) for late-stage persistence and exfiltration after the initial compromise.(Citation: Novetta-Axiom)(Citation: FireEye Hikit Rootkit)
First seen 01/01/1970 · Last seen 16/11/5138 · -
QUIC RAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Remcos usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
NDiskMonitor usesFamily The MITRE Corporation Confidence 100
[NDiskMonitor](https://attack.mitre.org/software/S0272) is a custom backdoor written in .NET that appears to be unique to [Patchwork](https://attack.mitre.org/groups/G0040). (Citation: TrendMicro Patchwork Dec 2017)
First seen 01/01/1970 · Last seen 16/11/5138 · -
CoolClient usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GammaPhish usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Mafalda usesFamily The MITRE Corporation Confidence 100
[Mafalda](https://attack.mitre.org/software/S1060) is a flexible interactive implant that has been used by [Metador](https://attack.mitre.org/groups/G1013). Security researchers assess the [Mafalda](https://attack.mitre.org/software/S1060) name may be inspired by an Argentinian cartoon character that has…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Gazer usesFamily The MITRE Corporation Confidence 100
[Gazer](https://attack.mitre.org/software/S0168) is a backdoor used by [Turla](https://attack.mitre.org/groups/G0010) since at least 2016. (Citation: ESET Gazer Aug 2017)
First seen 01/01/1970 · Last seen 16/11/5138 · -
down_new usesFamily The MITRE Corporation Confidence 100
[down_new](https://attack.mitre.org/software/S0472) is a downloader that has been used by [BRONZE BUTLER](https://attack.mitre.org/groups/G0060) since at least 2019.(Citation: Trend Micro Tick November 2019)
First seen 01/01/1970 · Last seen 16/11/5138 · -
RTM usesFamily The MITRE Corporation Confidence 100
[RTM](https://attack.mitre.org/software/S0148) is custom malware written in Delphi. It is used by the group of the same name ([RTM](https://attack.mitre.org/groups/G0048)). Newer versions of the malware have been reported publicly as…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Stellar loader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Interlock usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
Boggy Serpens Threat Assessment related1 CVE 15 MITREs 6 Malwares 35 Observables 1 APT
-
1 CVE 14 MITREs 2 Malwares 10 Observables 1 APT
Vulnerabilities (CVE) (52)
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker …
- Attack vector
- Network
- Published
- 13/02/2026
- Modified
- 20/02/2026
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
- Published
- 03/11/2021
- Modified
- 20/12/2025
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions …
- Attack vector
- NETWORK
- Published
- 27/10/2022
- Modified
- 21/12/2025
ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve …
- Attack vector
- Network
- Published
- 02/06/2025
- Modified
- 21/12/2025
Tool (2)
-
QuasarRAT usesThe MITRE Corporation Confidence 100
[QuasarRAT](https://attack.mitre.org/software/S0262) is an open-source, remote access tool that has been publicly available on GitHub since at least 2014. [QuasarRAT](https://attack.mitre.org/software/S0262) is developed in the C# language.(Citation: GitHub QuasarRAT)(Citation: Volexity…
-
Sliver usesThe MITRE Corporation Confidence 100
[Sliver](https://attack.mitre.org/software/S0633) is an open source, cross-platform, red team command and control (C2) framework written in Golang. [Sliver](https://attack.mitre.org/software/S0633) includes its own package manager, "armory," for staging and downloading additional…