Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users. (Citation: Sucuri BIND9 August 2015) Some systems may automatically restart critical applications and services when crashes occur, but they can likely be re-exploited to cause a persistent denial of service (DoS) condition.
Adversaries may exploit known or zero-day vulnerabilities to crash applications and/or systems, which may also leave dependent applications and/or systems in a DoS condition. Crashed or restarted applications or systems may also have other effects such as Data Destruction, Firmware Corruption, Service Stop, etc., which may further cause a DoS condition and deny availability to critical information, applications and/or systems.
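The crash, automatic restart, crash-again cycle described above leaves a recognisable trace in the service manager's log. The following is an added example, not code from the ATT&CK page or any referenced tool: it scans constructed systemd-style journal lines for a unit whose main process exits repeatedly inside a short window (window length and threshold are assumed values), which separates a single crash from the persistent DoS pattern.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample journal lines (not from the original page): named crashes,
# systemd restarts it, and it crashes again shortly after each restart.
SAMPLE_JOURNAL = """\
Aug 03 10:00:01 ns1 systemd[1]: named.service: Main process exited, code=dumped, status=11/SEGV
Aug 03 10:00:02 ns1 systemd[1]: named.service: Scheduled restart job, restart counter is at 1.
Aug 03 10:00:41 ns1 systemd[1]: named.service: Main process exited, code=dumped, status=11/SEGV
Aug 03 10:00:42 ns1 systemd[1]: named.service: Scheduled restart job, restart counter is at 2.
Aug 03 10:01:20 ns1 systemd[1]: named.service: Main process exited, code=dumped, status=11/SEGV
Aug 03 10:01:21 ns1 systemd[1]: named.service: Scheduled restart job, restart counter is at 3.
Aug 03 11:30:00 ns1 systemd[1]: sshd.service: Main process exited, code=exited, status=1/FAILURE
Aug 03 11:30:01 ns1 systemd[1]: sshd.service: Scheduled restart job, restart counter is at 1.
"""

# Matches only the "main process exited" lines; restart lines are ignored.
CRASH_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ systemd\[1\]: "
    r"(?P<unit>\S+): Main process exited, code=(?P<code>\w+), status=(?P<status>\S+)$"
)

def parse_crashes(journal, year=2015):
    """Yield (timestamp, unit, code, status) for each main-process exit line."""
    for line in journal.splitlines():
        m = CRASH_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["unit"], m["code"], m["status"]

def find_crash_loops(journal, window_seconds=300, threshold=3):
    """Return {unit: time the threshold was reached} for units that crashed
    `threshold` or more times inside a sliding window of `window_seconds`."""
    recent = defaultdict(deque)   # per-unit timestamps still inside the window
    alerts = {}
    for ts, unit, _code, _status in parse_crashes(journal):
        q = recent[unit]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # drop crashes older than the window
        if len(q) >= threshold and unit not in alerts:
            alerts[unit] = ts
    return alerts

if __name__ == "__main__":
    for unit, when in find_crash_loops(SAMPLE_JOURNAL).items():
        print(f"crash loop: {unit} reached threshold at {when}")
```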
Mitigations (1)
Filter Network Traffic (M1037)
Leverage services provided by Content Delivery Networks (CDN) or providers specializing in DoS mitigations to filter traffic upstream from services. (Citation: CERT-EU DDoS March 2017) Filter boundary traffic by blocking the source addresses originating the attack, blocking the ports being targeted, or blocking the protocols being used for transport.
Associated Software (1)
| ID | Name | Type | Context |
|---|---|---|---|
| S0604 | Industroyer | Malware | [Industroyer](https://attack.mitre.org/software/S0604) uses a custom DoS tool that leverages CVE-2015-5374 and targets hardcoded IP addresses of Sieme... |
Frequently Asked Questions
What is T1499.004 (Application or System Exploitation)?
T1499.004 is a MITRE ATT&CK technique named 'Application or System Exploitation'. It belongs to the Impact tactic(s). Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users. (Citation: Sucuri BIND9 August 2015) Some systems may automatically re...
How can T1499.004 be detected?
Detection of T1499.004 (Application or System Exploitation) typically involves monitoring system logs, network traffic, and endpoint telemetry. Use SIEM rules, EDR solutions, and behavioral analytics to identify suspicious activity associated with this technique.
What mitigations exist for T1499.004?
There is 1 documented mitigation for T1499.004: Filter Network Traffic.
Which threat groups use T1499.004?
While specific threat group attribution may vary, this technique has been observed in various real-world attacks. Check the MITRE ATT&CK website for the latest threat intelligence.