TIARAS - T1499.004: Application or System Exploitation

MITRE ATT&CK Technique

Impact T1499.004

Description

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users. (Citation: Sucuri BIND9 August 2015) Some systems may automatically restart critical applications and services when crashes occur, but they can likely be re-exploited to cause a persistent denial of service (DoS) condition. Adversaries may exploit known or zero-day vulnerabilities to crash applications and/or systems, which may also lead to dependent applications and/or systems to be in a DoS condition. Crashed or restarted applications or systems may also have other effects such as [Data Destruction](https://attack.mitre.org/techniques/T1485), [Firmware Corruption](https://attack.mitre.org/techniques/T1495), [Service Stop](https://attack.mitre.org/techniques/T1489) etc. which may further cause a DoS condition and deny availability to critical information, applications and/or systems.

Supported Platforms

Windows IaaS Linux macOS

Created

April 29, 2026

Last Updated

April 29, 2026

STIX Data

{'created': '2020-02-20T15:37:27.052Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': 'Adversaries may exploit software vulnerabilities that can '
                'cause an application or system to crash and deny availability '
                'to users. (Citation: Sucuri BIND9 August 2015) Some systems '
                'may automatically restart critical applications and services '
                'when crashes occur, but they can likely be re-exploited to '
                'cause a persistent denial of service (DoS) condition.\n'
                '\n'
                'Adversaries may exploit known or zero-day vulnerabilities to '
                'crash applications and/or systems, which may also lead to '
                'dependent applications and/or systems to be in a DoS '
                'condition. Crashed or restarted applications or systems may '
                'also have other effects such as [Data '
                'Destruction](https://attack.mitre.org/techniques/T1485), '
                '[Firmware '
                'Corruption](https://attack.mitre.org/techniques/T1495), '
                '[Service Stop](https://attack.mitre.org/techniques/T1489) '
                'etc. which may further cause a DoS condition and deny '
                'availability to critical information, applications and/or '
                'systems. ',
 'external_references': [{'external_id': 'T1499.004',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1499/004'},
                         {'description': 'Cid, D.. (2015, August 2). BIND9 – '
                                         'Denial of Service Exploit in the '
                                         'Wild. Retrieved April 26, 2019.',
                          'source_name': 'Sucuri BIND9 August 2015',
                          'url': 'https://blog.sucuri.net/2015/08/bind9-denial-of-service-exploit-in-the-wild.html'}],
 'id': 'attack-pattern--2bee5ffb-7a7a-4119-b1f2-158151b19ac0',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'impact'}],
 'modified': '2025-10-24T17:48:34.531Z',
 'name': 'Application or System Exploitation',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': False,
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_impact_type': ['Availability'],
 'x_mitre_is_subtechnique': True,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['Windows', 'IaaS', 'Linux', 'macOS'],
 'x_mitre_version': '1.3'}

Quick Actions

Edit TTP Update from Web

Back to TTPs

Dashboard About