Adversaries may build capabilities that can be used during targeting. Rather than purchasing, freely downloading, or stealing capabilities, adversaries may develop their own capabilities in-house. This is the process of identifying development requirements and building solutions such as malware, exploits, and self-signed certificates. Adversaries may develop capabilities to support their operations throughout numerous phases of the adversary lifecycle.(Citation: Mandiant APT1)(Citation: Kaspersky Sofacy)(Citation: Bitdefender StrongPity June 2020)(Citation: Talos Promethium June 2020)
As with legitimate development efforts, different skill sets may be required for developing capabilities. The skills needed may be located in-house, or may need to be contracted out. Use of a contractor may be considered an extension of that adversary's development capabilities, provided the adversary plays a role in shaping requirements and maintains a degree of exclusivity to the capability.
View in MITRE ATT&CK®Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
action.hacking.variety.Unknown | Unknown | related-to | T1587 | Develop Capabilities |
value_chain.development.variety.Unknown | Nothing is known about the need for or type of development investment other than it was present. | related-to | T1587 | Develop Capabilities |
Technique ID | Technique Name | Number of Mappings |
---|---|---|
T1587.002 | Code Signing Certificates | 2 |
T1587.003 | Digital Certificates | 2 |
T1587.004 | Exploits | 4 |
T1587.001 | Malware | 6 |