Adversaries may buy, steal, or download malware that can be used during targeting. Malicious software can include payloads, droppers, post-compromise tools, backdoors, packers, and C2 protocols. Adversaries may acquire malware to support their operations, obtaining a means for maintaining control of remote machines, evading defenses, and executing post-compromise behaviors.
In addition to downloading free malware from the internet, adversaries may purchase these capabilities from third-party entities. Third-party entities can include technology companies that specialize in malware development, criminal marketplaces (including Malware-as-a-Service, or MaaS), or individuals. In addition to purchasing malware, adversaries may steal and repurpose malware from third-party entities (including other adversaries).
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
action.hacking.variety.Unknown | Unknown | related-to | T1588.001 | Malware | |
action.malware.variety.Unknown | Unknown | related-to | T1588.001 | Malware | |
value_chain.development.variety.Bot | A small program that can be distributed, installed, and controlled en masse. | related-to | T1588.001 | Malware | |
value_chain.development.variety.Payload | The portion of a program that causes a negative effect. | related-to | T1588.001 | Malware | |
value_chain.development.variety.Ransomware | Ransomware (encrypt or seize stored data) | related-to | T1588.001 | Malware | |
value_chain.development.variety.Trojan | A program which masquerades as another program to get a target to execute malicious content | related-to | T1588.001 | Malware | |