T1583.006: T1583.006
Essential information
- MITRE technique ID
T1583.006- Confidence
- 100/100
- Revoked
- No
- Published
- 01/10/2020 02:50
- Modified
- 15/04/2026 19:28
- Author / Source
- The MITRE Corporation
Aliases
Web Services
Platforms
PRE
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | resource-development |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (38)
-
AMOS threat group usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[ZIRCONIUM](https://attack.mitre.org/groups/G0128) is a threat group operating out of China, active since at least 2017, that has targeted individuals associated with the 2020 US presidential election and prominent leaders…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT17](https://attack.mitre.org/groups/G0025) is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations.…
First seen 01/01/1970 · Last seen 16/11/5138 · -
BlueDelta usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DriveSurge usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT32](https://attack.mitre.org/groups/G0050) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[FIN7](https://attack.mitre.org/groups/G0046) is a financially-motivated threat group that has been active since 2013. [FIN7](https://attack.mitre.org/groups/G0046) has targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
IndigoZebra usesThe MITRE Corporation Confidence 100
[IndigoZebra](https://attack.mitre.org/groups/G0136) is a suspected Chinese cyber espionage group that has been targeting Central Asian governments since at least 2014.(Citation: HackerNews IndigoZebra July 2021)(Citation: Checkpoint IndigoZebra July 2021)(Citation: Securelist…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group attributed to the Reconnaissance General Bureau (RGB). (Citation: US-CERT HIDDEN COBRA June 2017) (Citation: Treasury North Korean Cyber…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Roaming Mantis usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[HAFNIUM](https://attack.mitre.org/groups/G0125) is a likely state-sponsored cyber espionage group operating out of China that has been active since at least January 2021. [HAFNIUM](https://attack.mitre.org/groups/G0125) primarily targets entities in the US…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (46)
-
XWorm usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Docks usesFamily
-
GITSHELLPAD usesFamily
-
BeaverTail usesFamily
-
Octo usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TonRAT uses
-
FROSTRIFT usesFamily
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
GOSHELL usesFamily
-
RustDoor usesFamily
-
MoqHao uses
-
RedLine Stealer - S1240 uses
Reports (30)
-
18 MITREs 5 Observables
-
AlienVault Confidence 100 15 MITREs 9 IOCs 9 Observables
-
AlienVault Confidence 100 20 MITREs 23 IOCs 23 Observables
-
21 MITREs 3 Observables
-
26 MITREs 2 Malwares 19 Observables
-
8 MITREs 23 Observables 1 APT
-
12 MITREs 2 Malwares 1 APT
-
8 MITREs 71 Observables
-
Unmasking the FreeDrain Network related14 MITREs 1 APT
-
8 MITREs 14 Observables
-
9 MITREs
-
14 MITREs 5 Malwares 4 Observables 1 APT
Vulnerabilities (CVE) (3)
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 14/05/2026
- Modified
- 18/06/2026
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …
- Attack vector
- Network
- Published
- 25/09/2025
- Modified
- 21/12/2025
Campaign (4)
-
Operation Dream Job uses
-
ArcaneDoor uses
-
Operation Sharpshooter uses
-
2025 Poland Wiper Attacks uses
Course Of Action (1)
-
Pre-compromise mitigates