T1072 Software Deployment Tools Mappings

Adversaries may gain access to and use third-party software suites installed within an enterprise network, such as administration, monitoring, and deployment systems, to move laterally through the network. Third-party applications and software deployment systems may be in use in the network environment for administration purposes (e.g., SCCM, HBSS, Altiris, etc.).

Access to a third-party network-wide or enterprise-wide software system may enable an adversary to have remote code execution on all systems that are connected to such a system. The access may be used to laterally move to other systems, gather information, or cause a specific effect, such as wiping the hard drives on all endpoints.

The permissions required for this action vary by system configuration; local credentials may be sufficient with direct access to the third-party system, or specific domain credentials may be required. However, the system may require an administrative account to log in or to perform its intended purpose.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-12 | Session Termination | Protects | T1072 | Software Deployment Tools |
| AC-2 | Account Management | Protects | T1072 | Software Deployment Tools |
| AC-20 | Use of External Systems | Protects | T1072 | Software Deployment Tools |
| AC-3 | Access Enforcement | Protects | T1072 | Software Deployment Tools |
| AC-4 | Information Flow Enforcement | Protects | T1072 | Software Deployment Tools |
| AC-5 | Separation of Duties | Protects | T1072 | Software Deployment Tools |
| AC-6 | Least Privilege | Protects | T1072 | Software Deployment Tools |
| CA-7 | Continuous Monitoring | Protects | T1072 | Software Deployment Tools |
| CM-2 | Baseline Configuration | Protects | T1072 | Software Deployment Tools |
| CM-5 | Access Restrictions for Change | Protects | T1072 | Software Deployment Tools |
| CM-6 | Configuration Settings | Protects | T1072 | Software Deployment Tools |
| CM-7 | Least Functionality | Protects | T1072 | Software Deployment Tools |
| CM-8 | System Component Inventory | Protects | T1072 | Software Deployment Tools |
| IA-2 | Identification and Authentication (Organizational Users) | Protects | T1072 | Software Deployment Tools |
| IA-5 | Authenticator Management | Protects | T1072 | Software Deployment Tools |
| SC-12 | Cryptographic Key Establishment and Management | Protects | T1072 | Software Deployment Tools |
| SC-17 | Public Key Infrastructure Certificates | Protects | T1072 | Software Deployment Tools |
| SC-46 | Cross Domain Policy Enforcement | Protects | T1072 | Software Deployment Tools |
| SC-7 | Boundary Protection | Protects | T1072 | Software Deployment Tools |
| SI-2 | Flaw Remediation | Protects | T1072 | Software Deployment Tools |
| SI-23 | Information Fragmentation | Protects | T1072 | Software Deployment Tools |
| SI-3 | Malicious Code Protection | Protects | T1072 | Software Deployment Tools |
| SI-4 | System Monitoring | Protects | T1072 | Software Deployment Tools |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1072 | Software Deployment Tools |
| action.hacking.variety.Abuse of functionality | Abuse of functionality. | related-to | T1072 | Software Deployment Tools |
| action.malware.variety.Adminware | System or network utilities (e.g., PsTools, Netcat) | related-to | T1072 | Software Deployment Tools |
| action.malware.vector.Software update | Included in automated software update | related-to | T1072 | Software Deployment Tools |
| attribute.integrity.variety.Software installation | Software installation or code modification | related-to | T1072 | Software Deployment Tools |