T1584.004 Server Mappings

Adversaries may compromise third-party servers that can be used during targeting. Use of servers allows an adversary to stage, launch, and execute an operation. During post-compromise activity, adversaries may utilize servers for various tasks, including for Command and Control. Instead of purchasing a Server or Virtual Private Server, adversaries may compromise third-party servers in support of operations.

Adversaries may also compromise web servers to support watering hole operations, as in Drive-by Compromise.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
action.hacking.variety.Unknown Unknown related-to T1584.004 Compromise Infrastructure: Server
value_chain.distribution.variety.Compromised server malicious content added to a benign server, such as a webserver, by the actor, without the permission or necessarily knowledge of the server’s owner related-to T1584.004 Compromise Infrastructure: Server
value_chain.non-distribution services.variety.Other The variety of non-distribution service required is known, but is not listed related-to T1584.004 Compromise Infrastructure: Server