T1583.006: T1583.006
Essential information
- MITRE technique ID
T1583.006- Confidence
- 100/100
- Revoked
- No
- Published
- 01/10/2020 02:50
- Modified
- 15/04/2026 19:28
- Author / Source
- The MITRE Corporation
Aliases
Web Services
Platforms
PRE
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | resource-development |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (38)
-
AMOS threat group usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[ZIRCONIUM](https://attack.mitre.org/groups/G0128) is a threat group operating out of China, active since at least 2017, that has targeted individuals associated with the 2020 US presidential election and prominent leaders…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT17](https://attack.mitre.org/groups/G0025) is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations.…
First seen 01/01/1970 · Last seen 16/11/5138 · -
BlueDelta usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DriveSurge usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT32](https://attack.mitre.org/groups/G0050) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[FIN7](https://attack.mitre.org/groups/G0046) is a financially-motivated threat group that has been active since 2013. [FIN7](https://attack.mitre.org/groups/G0046) has targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
IndigoZebra usesThe MITRE Corporation Confidence 100
[IndigoZebra](https://attack.mitre.org/groups/G0136) is a suspected Chinese cyber espionage group that has been targeting Central Asian governments since at least 2014.(Citation: HackerNews IndigoZebra July 2021)(Citation: Checkpoint IndigoZebra July 2021)(Citation: Securelist…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group attributed to the Reconnaissance General Bureau (RGB). (Citation: US-CERT HIDDEN COBRA June 2017) (Citation: Treasury North Korean Cyber…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Roaming Mantis usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[HAFNIUM](https://attack.mitre.org/groups/G0125) is a likely state-sponsored cyber espionage group operating out of China that has been active since at least January 2021. [HAFNIUM](https://attack.mitre.org/groups/G0125) primarily targets entities in the US…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (36)
-
Lumma Stealer usesFamily
-
STARKVEIL usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
InvisibleFerret usesFamily
-
Cobalt Strike Beacon usesFamily
-
Lorem Ipsum usesFamily
-
GRIMPULL usesFamily
-
installer.dll usesFamily
-
XWorm usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Docks usesFamily
-
GITSHELLPAD usesFamily
-
BeaverTail usesFamily
-
Octo usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (27)
-
AlienVault Confidence 100 15 MITREs 3 Malwares 96 IOCs 77 Observables
-
AlienVault Confidence 100 19 MITREs 1 Malware 21 IOCs 21 Observables
-
AlienVault Confidence 100 21 MITREs 8 IOCs 8 Observables
-
AlienVault Confidence 100 19 MITREs 32 IOCs 32 Observables 1 APT
-
Threat landscape — Belgium relatedConfidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
-
21 MITREs 27 Observables
-
Threat landscape — insurance relatedConfidence 100 199 MITREs 11 APTs
-
AlienVault Confidence 100 19 MITREs 3 Malwares 28 IOCs 28 Observables
-
AlienVault Confidence 100 20 MITREs 1 Malware 13 IOCs 13 Observables
-
18 MITREs 5 Observables
-
AlienVault Confidence 100 15 MITREs 9 IOCs 9 Observables
-
AlienVault Confidence 100 20 MITREs 23 IOCs 23 Observables
Campaign (4)
-
Operation Dream Job uses
-
ArcaneDoor uses
-
Operation Sharpshooter uses
-
2025 Poland Wiper Attacks uses
Course Of Action (1)
-
Pre-compromise mitigates