Staging capabilities consists of preparing the operational environment required to conduct the operation. This includes activities such as deploying software, uploading data, and enabling command and control infrastructure.
|T1379||Disseminate removable media||
Removable media containing malware can be injected into a supply chain at large or small scale. It can also be physically placed for someone to find or can be sent to someone in a more targeted manner. The intent is to have the user utilize the removable media on a system where the adversary is trying to gain access.
|T1394||Distribute malicious software development tools||
An adversary could distribute malicious software development tools (e.g., compiler) that hide malicious behavior in software built using the tools.
|T1364||Friend/Follow/Connect to targets of interest||
A form of social engineering designed to build trust and to lay the foundation for future interactions or attacks.
|T1365||Hardware or software supply chain implant||
During production and distribution, the placement of software, firmware, or a CPU chip in a computer, handheld, or other electronic device that enables an adversary to gain illegal entrance.
Redirecting a communication request from one address and port number combination to another. May be set up to obfuscate the final location of communications that will occur in later stages of an attack.
|T1362||Upload, install, and configure software/tools||
An adversary may stage software and tools for use during later stages of an attack. The software and tools may be placed on systems legitimately in use by the adversary or may be placed on previously compromised infrastructure.