Common Information
| Type | Value |
|---|---|
| Value |
Server - T1583.004 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may buy, lease, rent, or obtain physical servers that can be used during targeting. Use of servers allows an adversary to stage, launch, and execute an operation. During post-compromise activity, adversaries may utilize servers for various tasks, such as watering hole operations in [Drive-by Compromise](https://attack.mitre.org/techniques/T1189), enabling [Phishing](https://attack.mitre.org/techniques/T1566) operations, or facilitating [Command and Control](https://attack.mitre.org/tactics/TA0011). Instead of compromising a third-party [Server](https://attack.mitre.org/techniques/T1584/004) or renting a [Virtual Private Server](https://attack.mitre.org/techniques/T1583/003), adversaries may opt to configure and run their own servers in support of operations. Free trial periods of cloud servers may also be abused.(Citation: Free Trial PurpleUrchin)(Citation: Freejacked) Adversaries may only need a lightweight setup if most of their activities will take place using online infrastructure. Or, they may need to build extensive infrastructure if they want to test, communicate, and control other aspects of their activities on their own systems.(Citation: NYTStuxnet) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2574-01-02 | 0 | Editors Picks, Apps We Recommend | TechSpot | ||
| Details | Website | 2243-01-01 | 25 | 腾讯安全威胁情报中心推出2023年1月必修安全漏洞清单 | ||
| Details | Website | 2083-07-04 | 9 | SonicWall VPN Portal Critical Flaw (CVE-2020-5135) | ||
| Details | Website | 2083-02-01 | 4 | 守夜人之剑 - 攻防演练漏洞必修清单2023 | ||
| Details | Website | 2061-05-15 | 4 | Flash Notice: Critical Linux Kernel Vulnerability Can Lead to Remote Code Execution | ||
| Details | Website | 2051-02-02 | 32 | UNKNOWN | ||
| Details | Website | 2051-02-02 | 32 | UNKNOWN | ||
| Details | Website | 2050-08-03 | 29 | Kiddoware Kids Place Parental Control Android App 3.8.49 XSS / CSRF / File Upload - CXSecurity.com | ||
| Details | Website | 2049-04-02 | 1 | Apache Exploited Zero-Day Patched - IBM X-Force Collection | ||
| Details | Website | 2049-01-13 | 27 | 腾讯安全威胁情报中心推出2023年7月必修安全漏洞清单 | ||
| Details | Website | 2028-01-01 | 3 | A Tour of the Worm | ||
| Details | Website | 2025-11-07 | 1 | Vault7 - Home | ||
| Details | Website | 2025-01-01 | 11 | Visionaries Have Democratised Remote Network Access – Citrix Virtual Apps and Desktops (CVE Unknown) | CTF导航 | ||
| Details | Website | 2024-12-29 | 2 | Cobalt Strike DFIR: Listening to the Pipes — Blake's R&D | ||
| Details | Website | 2024-12-17 | 1 | Log4shell: a threat intelligence perspective — Silent Push Threat Intelligence | ||
| Details | Website | 2024-12-12 | 21 | SECCON2016取证题WriteUP - lightless blog | ||
| Details | Website | 2024-12-09 | 0 | — | ||
| Details | Website | 2024-11-30 | 4 | Exploiting Vulnerabilities in a TLD Registrar to Takeover Tether, Google, and Amazon — Palisade | ||
| Details | Website | 2024-11-22 | 6 | Black Friday e-commerce scam: Comprehensive analysis of PayPal attack vectors. — Silent Push Threat Intelligence | ||
| Details | Website | 2024-11-18 | 0 | NSOグループ、訴えられた後に別のWhatsAppゼロデイを使用、裁判所文書に記載 - PRSOL:CC | ||
| Details | Website | 2024-11-17 | 10 | Shamoon Malware | ||
| Details | Website | 2024-11-17 | 8 | “Embarking on API Security Testing: A Beginner’s Guide to Understanding APIs and Utilizing Postman”… | ||
| Details | Website | 2024-11-17 | 13 | Intigriti 1337Up Live 2024-CTF: Web Challenges | ||
| Details | Website | 2024-11-17 | 3 | “Embarking on API Security Testing: A Beginner’s Guide to Understanding APIs and Utilizing Postman”… | ||
| Details | Website | 2024-11-17 | 0 | Reflected XSS to Stored XSS Hacker’s PlayBook Guide to XSS |