T1587 Develop Capabilities Mappings

Adversaries may build capabilities that can be used during targeting. Rather than purchasing, freely downloading, or stealing capabilities, adversaries may develop their own capabilities in-house. This is the process of identifying development requirements and building solutions such as malware, exploits, and self-signed certificates. Adversaries may develop capabilities to support their operations throughout numerous phases of the adversary lifecycle.(Citation: Mandiant APT1)(Citation: Kaspersky Sofacy)(Citation: Bitdefender StrongPity June 2020)(Citation: Talos Promethium June 2020)

As with legitimate development efforts, different skill sets may be required for developing capabilities. The skills needed may be located in-house, or may need to be contracted out. Use of a contractor may be considered an extension of that adversary's development capabilities, provided the adversary plays a role in shaping requirements and maintains a degree of exclusivity to the capability.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
action.hacking.variety.Unknown Unknown related-to T1587 Develop Capabilities
value_chain.development.variety.Unknown Nothing is known about the need for or type of development investment other than it was present. related-to T1587 Develop Capabilities

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1587.002 Code Signing Certificates 2
T1587.003 Digital Certificates 2
T1587.004 Exploits 4
T1587.001 Malware 6