T1608 Stage Capabilities Mappings

Adversaries may upload, install, or otherwise set up capabilities that can be used during targeting. To support their operations, an adversary may need to take capabilities they developed (Develop Capabilities) or obtained (Obtain Capabilities) and stage them on infrastructure under their control. These capabilities may be staged on infrastructure that was previously purchased/rented by the adversary (Acquire Infrastructure) or was otherwise compromised by them (Compromise Infrastructure). Capabilities can also be staged on web services, such as GitHub or Pastebin.(Citation: Volexity Ocean Lotus November 2020)

Staging of capabilities can aid the adversary in a number of initial access and post-compromise behaviors, including (but not limited to):

  • Staging web resources necessary to conduct Drive-by Compromise when a user browses to a site.(Citation: FireEye CFR Watering Hole 2012)(Citation: Gallagher 2015)(Citation: ATT ScanBox)
  • Staging web resources for a link target to be used with spearphishing.(Citation: Malwarebytes Silent Librarian October 2020)(Citation: Proofpoint TA407 September 2019)
  • Uploading malware or tools to a location accessible to a victim network to enable Ingress Tool Transfer.(Citation: Volexity Ocean Lotus November 2020)
  • Installing a previously acquired SSL/TLS certificate to use to encrypt command and control traffic (ex: Asymmetric Cryptography with Web Protocols).(Citation: DigiCert Install SSL Cert)

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| CVE-2019-16009 | Cisco IOS 12.2(15)B | primary_impact | T1608 | Stage Capabilities |
| CVE-2018-15401 | Cisco Hosted Collaboration Mediation Fulfillment | primary_impact | T1608 | Stage Capabilities |
| CVE-2019-15288 | Cisco TelePresence TC Software | primary_impact | T1608 | Stage Capabilities |
| CVE-2019-1781 | Cisco NX-OS Software | primary_impact | T1608 | Stage Capabilities |
| CVE-2019-1768 | Cisco NX-OS Software | primary_impact | T1608 | Stage Capabilities |
| CVE-2020-3379 | Cisco SD-WAN Solution | primary_impact | T1608 | Stage Capabilities |
| CVE-2019-1857 | Cisco HyperFlex HX-Series | primary_impact | T1608 | Stage Capabilities |
| CVE-2018-15466 | Cisco Policy Suite (CPS) Software | primary_impact | T1608 | Stage Capabilities |
| CVE-2019-0797 | Windows Server | uncategorized | T1608 | Stage Capabilities |
| CVE-2018-8453 | Windows 7 | uncategorized | T1608 | Stage Capabilities |
| CVE-2018-8440 | Windows 7 | uncategorized | T1608 | Stage Capabilities |
| CVE-2018-19320 | n/a | uncategorized | T1608 | Stage Capabilities |
| CVE-2016-7255 | n/a | uncategorized | T1608 | Stage Capabilities |
| CVE-2016-0728 | n/a | uncategorized | T1608 | Stage Capabilities |
| CVE-2016-0167 | n/a | uncategorized | T1608 | Stage Capabilities |
| CVE-2016-0165 | n/a | uncategorized | T1608 | Stage Capabilities |
| CVE-2015-6175 | n/a | uncategorized | T1608 | Stage Capabilities |
| CVE-2015-2546 | n/a | uncategorized | T1608 | Stage Capabilities |
| CVE-2014-4076 | n/a | uncategorized | T1608 | Stage Capabilities |
| CVE-2013-6282 | n/a | uncategorized | T1608 | Stage Capabilities |
| CVE-2013-3660 | n/a | uncategorized | T1608 | Stage Capabilities |
| CVE-2012-2319 | n/a | uncategorized | T1608 | Stage Capabilities |
| CVE-2011-1249 | n/a | uncategorized | T1608 | Stage Capabilities |
| CVE-2010-3081 | n/a | uncategorized | T1608 | Stage Capabilities |
| CVE-2010-0232 | n/a | uncategorized | T1608 | Stage Capabilities |
| CVE-2008-3431 | n/a | uncategorized | T1608 | Stage Capabilities |
| CVE-2010-3338 | n/a | uncategorized | T1608 | Stage Capabilities |
| action.malware.variety.Unknown | Unknown | related-to | T1608 | Stage Capabilities |
| value_chain.distribution.variety.Unknown | Nothing is known about the need for or type of distribution investment other than it was present. | related-to | T1608 | Stage Capabilities |

ATT&CK Subtechniques

| Technique ID | Technique Name | Number of Mappings |
|---|---|---|
| T1608.004 | Drive-by Target | 2 |
| T1608.003 | Install Digital Certificate | 2 |
| T1608.005 | Link Target | 1 |
| T1608.001 | Upload Malware | 2 |
| T1608.002 | Upload Tool | 2 |