T1554 Compromise Client Software Binary Mappings

Adversaries may modify client software binaries to establish persistent access to systems. Client software enables users to access services provided by a server. Common client software types are SSH clients, FTP clients, email clients, and web browsers.

Adversaries may make modifications to client software binaries to carry out malicious tasks when those applications are in use. For example, an adversary may copy source code for the client software, add a backdoor, compile for the target, and replace the legitimate application binary (or support files) with the backdoored one. Since these applications may be routinely executed by the user, the adversary can leverage this for persistent access to the host.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| CA-8 | Penetration Testing | Protects | T1554 | Compromise Client Software Binary |
| CM-2 | Baseline Configuration | Protects | T1554 | Compromise Client Software Binary |
| CM-6 | Configuration Settings | Protects | T1554 | Compromise Client Software Binary |
| IA-9 | Service Identification and Authentication | Protects | T1554 | Compromise Client Software Binary |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1554 | Compromise Client Software Binary |
| SR-11 | Component Authenticity | Protects | T1554 | Compromise Client Software Binary |
| SR-4 | Provenance | Protects | T1554 | Compromise Client Software Binary |
| SR-5 | Acquisition Strategies, Tools, and Methods | Protects | T1554 | Compromise Client Software Binary |
| SR-6 | Supplier Assessments and Reviews | Protects | T1554 | Compromise Client Software Binary |
| action.hacking.variety.Backdoor | Hacking action that creates a backdoor for use. | related-to | T1554 | Compromise Client Software Binary |
| action.hacking.vector.Backdoor | Hacking actions taken through a backdoor. C2 is only used by malware. | related-to | T1554 | Compromise Client Software Binary |
| action.malware.variety.Adminware | System or network utilities (e.g., PsTools, Netcat) | related-to | T1554 | Compromise Client Software Binary |
| action.malware.variety.Backdoor | Malware creates a backdoor capability for hacking. Child of 'RAT' when combined with 'Trojan'. Child of 'Backdoor or C2'. | related-to | T1554 | Compromise Client Software Binary |
| action.malware.variety.Backdoor or C2 | Malware creates a remote control capability, but it's unclear if it's a backdoor for hacking or C2 for malware. Parent of 'C2' and 'Backdoor'. | related-to | T1554 | Compromise Client Software Binary |
| action.malware.variety.Trojan | An application which appears legitimate but hides malicious functionality. Child of 'RAT' when combined with 'Backdoor' | related-to | T1554 | Compromise Client Software Binary |