Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970)
Adversaries may buy, steal, or download malware that can be used during targeting. Malicious software can include payloads, droppers, post-compromise tools, backdoors, packers, and C2 protocols. Adversaries may acquire malware to support their operations, obtaining a means for maintaining control of remote machines, evading defenses, and executing post-compromise behaviors.
In addition to downloading free malware from the internet, adversaries may purchase these capabilities from third-party entities. Third-party entities can include technology companies that specialize in malware development, criminal marketplaces (including Malware-as-a-Service, or MaaS), or from individuals. In addition to purchasing malware, adversaries may steal and repurpose malware from third-party entities (including other adversaries).
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) | Attack Pattern | Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) | Attack Pattern | 1 |