1. Home
  2. ATT&CK Techniques
  3. T1588.001 Malware

T1588.001 Malware Mappings

Adversaries may buy, steal, or download malware that can be used during targeting. Malicious software can include payloads, droppers, post-compromise tools, backdoors, packers, and C2 protocols. Adversaries may acquire malware to support their operations, obtaining a means for maintaining control of remote machines, evading defenses, and executing post-compromise behaviors.

In addition to downloading free malware from the internet, adversaries may purchase these capabilities from third-party entities. Third-party entities can include technology companies that specialize in malware development, criminal marketplaces (including Malware-as-a-Service, or MaaS), or from individuals. In addition to purchasing malware, adversaries may steal and repurpose malware from third-party entities (including other adversaries).

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
action.hacking.variety.Unknown Unknown related-to T1588.001 Obtain Capabilities: Malware
action.malware.variety.Unknown Unknown related-to T1588.001 Obtain Capabilities: Malware
value_chain.development.variety.Bot A small program that can be distributed, installed, and controlled en mass. related-to T1588.001 Obtain Capabilities: Malware
value_chain.development.variety.Payload The portion a program that causes a negative effect. related-to T1588.001 Obtain Capabilities: Malware
value_chain.development.variety.Ransomware Ransomware (encrypt or seize stored data) related-to T1588.001 Obtain Capabilities: Malware
value_chain.development.variety.Trojan A program which masquerades as another program to get a target to execute malicious content related-to T1588.001 Obtain Capabilities: Malware