T1583.004: Server
| View on MITRE ATT&CK | T1583.004 |
|---|---|
| Tactic(s) | Resource Development |
Data from MITRE ATT&CK®:
Adversaries may buy, lease, or rent physical servers that can be used during targeting. Use of servers allows an adversary to stage, launch, and execute an operation. During post-compromise activity, adversaries may utilize servers for various tasks, including for Command and Control. Adversaries may use web servers to support support watering hole operations, as in Drive-by Compromise, or email servers to support Phishing operations. Instead of compromising a third-party Server or renting a Virtual Private Server, adversaries may opt to configure and run their own servers in support of operations.
Adversaries may only need a lightweight setup if most of their activities will take place using online infrastructure. Or, they may need to build extensive infrastructure if they want to test, communicate, and control other aspects of their activities on their own systems.(Citation: NYTStuxnet)
© 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
Cyber Threat Graph Context
Explore how this ATT&CK Technique relates to the wider threat graph
Reporting on this Technique
FamousSparrow: A suspicious hotel guest
This blog post by researchers from ESET describes the FamousSparrow APT group and associated custom backdoor 'SparrowDoor'. According to the post, ...
Evasive Panda leverages Monlam Festival to target Tibetans
This report by researchers at ESET describes a campaign which they attribute to the China-aligned APT Evasive Panda. The report describes a ...
Predator Spyware Operators Rebuild Multi-Tier Infrastructure to Target Mobile Devices
This report from Recorded Future's Insikt Group describes recent TTPs and infrastructure used for the deployment of the Predator spyware. Predator ...
Earth Preta Campaign Uses DOPLUGS to Target Asia
This blog post by researchers from Trend Micro describes the use of a customized PlugX backdoor which they name DOPLUGS. The DOPLUGS malware uses ...
Mitigations for this technique
MITRE ATT&CK Mitigations
How to detect this technique
MITRE ATT&CK Data Components