T1499.003: Application Exhaustion Flood — MITRE ATT&CK Technique

Description

Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications. For example, specific features in web applications may be highly resource intensive. Repeated requests to those features may be able to exhaust system resources and deny access to the application or the server itself.(Citation: Arbor AnnualDoSreport Jan 2018)

Platforms

WindowsIaaSLinuxmacOS

Mitigations (1)

Filter Network TrafficM1037

Leverage services provided by Content Delivery Networks (CDN) or providers specializing in DoS mitigations to filter traffic upstream from services.(Citation: CERT-EU DDoS March 2017) Filter boundary traffic by blocking source addresses sourcing the attack, blocking ports that are being targeted, or blocking protocols being used for transport.

References

Frequently Asked Questions

What is T1499.003 (Application Exhaustion Flood)?

T1499.003 is a MITRE ATT&CK technique named 'Application Exhaustion Flood'. It belongs to the Impact tactic(s). Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications. For example, specific features in web applications ma...

How can T1499.003 be detected?

Detection of T1499.003 (Application Exhaustion Flood) typically involves monitoring system logs, network traffic, and endpoint telemetry. Use SIEM rules, EDR solutions, and behavioral analytics to identify suspicious activity associated with this technique.

What mitigations exist for T1499.003?

There are 1 documented mitigations for T1499.003. Key mitigations include: Filter Network Traffic.

Which threat groups use T1499.003?

While specific threat group attribution may vary, this technique has been observed in various real-world attacks. Check the MITRE ATT&CK website for the latest threat intelligence.