T1583.006: T1583.006
Essential information
- MITRE technique ID: T1583.006
- Confidence: 100/100
- Revoked: No
- Published: 01/10/2020 02:50
- Modified: 15/04/2026 19:28
- Author / Source: The MITRE Corporation
Aliases
Web Services
Platforms
PRE
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | resource-development |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (38)
- The MITRE Corporation · Confidence 100
[Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European,…
First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
[POLONIUM](https://attack.mitre.org/groups/G1005) is a Lebanon-based group that has primarily targeted Israeli organizations, including critical manufacturing, information technology, and defense industry companies, since at least February 2022. Security researchers assess…
First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
[Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that has been conducting operations since at least 2012. [Mustang Panda](https://attack.mitre.org/groups/G0129) has been known to use tailored phishing lures…
First seen 01/01/1970 · Last seen 16/11/5138
- TA578 uses · The MITRE Corporation · Confidence 100
[TA578](https://attack.mitre.org/groups/G1038) is a threat actor that has used contact forms and email to initiate communications with victims and to distribute malware including [Latrodectus](https://attack.mitre.org/software/S1160), [IcedID](https://attack.mitre.org/software/S0483), and [Bumblebee](https://attack.mitre.org/software/S1039).(Citation: Latrodectus APR…
First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
[Confucius](https://attack.mitre.org/groups/G0142) is a cyber espionage group that has primarily targeted military personnel, high-profile personalities, business persons, and government organizations in South Asia since at least 2013. Security researchers…
First seen 01/01/1970 · Last seen 16/11/5138
- North Korea uses · AlienVault · Confidence 100
First seen 01/01/1970 · Last seen 16/11/5138
- Medusa Group uses · The MITRE Corporation · Confidence 100
[Medusa Group](https://attack.mitre.org/groups/G1051) has been active since at least 2021 and was initially operated as a closed ransomware group before evolving into a Ransomware-as-a-Service (RaaS) operation. Some reporting indicates…
First seen 01/01/1970 · Last seen 16/11/5138
- TA2541 uses · The MITRE Corporation · Confidence 100
[TA2541](https://attack.mitre.org/groups/G1018) is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. [TA2541](https://attack.mitre.org/groups/G1018) campaigns are typically high volume and…
First seen 01/01/1970 · Last seen 16/11/5138
- TA415 uses · AlienVault · Confidence 100
First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
[Contagious Interview](https://attack.mitre.org/groups/G1052) is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials.…
First seen 01/01/1970 · Last seen 16/11/5138
- LazyScripter uses · The MITRE Corporation · Confidence 100
[LazyScripter](https://attack.mitre.org/groups/G0140) is a threat group that has mainly targeted the airlines industry since at least 2018, primarily using open-source toolsets.(Citation: MalwareBytes LazyScripter Feb 2021)
First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
[Earth Lusca](https://attack.mitre.org/groups/G1006) is a suspected China-based cyber espionage group that has been active since at least April 2019. [Earth Lusca](https://attack.mitre.org/groups/G1006) has targeted organizations in Australia, China, Hong Kong,…
First seen 01/01/1970 · Last seen 16/11/5138
Malware (36)
- Lumma Stealer uses · Family
- STARKVEIL uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- InvisibleFerret uses · Family
- Cobalt Strike Beacon uses · Family
- Lorem Ipsum uses · Family
- GRIMPULL uses · Family
- installer.dll uses · Family
- XWorm uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Docks uses · Family
- GITSHELLPAD uses · Family
- BeaverTail uses · Family
- Octo uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Reports (27)
- AlienVault · Confidence 100 · 15 MITREs · 3 Malwares · 96 IOCs · 77 Observables
- AlienVault · Confidence 100 · 19 MITREs · 1 Malware · 21 IOCs · 21 Observables
- AlienVault · Confidence 100 · 21 MITREs · 8 IOCs · 8 Observables
- AlienVault · Confidence 100 · 19 MITREs · 32 IOCs · 32 Observables · 1 APT
- Threat landscape — Belgium related · Confidence 100 · 18 CVEs · 200 MITREs · 200 Malwares · 20 APTs · 26 Tools
- 21 MITREs · 27 Observables
- Threat landscape — insurance related · Confidence 100 · 199 MITREs · 11 APTs
- AlienVault · Confidence 100 · 19 MITREs · 3 Malwares · 28 IOCs · 28 Observables
- AlienVault · Confidence 100 · 20 MITREs · 1 Malware · 13 IOCs · 13 Observables
- 18 MITREs · 5 Observables
- AlienVault · Confidence 100 · 15 MITREs · 9 IOCs · 9 Observables
- AlienVault · Confidence 100 · 20 MITREs · 23 IOCs · 23 Observables
Campaign (4)
- Operation Dream Job uses
- ArcaneDoor uses
- Operation Sharpshooter uses
- 2025 Poland Wiper Attacks uses
Course Of Action (1)
- Pre-compromise mitigates