Stage Capabilities

Staging capabilities consists of preparing operational environment required to conduct the operation. This includes activities such as deploying software, uploading data, enabling command and control infrastructure.
ID: TA0026

Techniques

Techniques: 6
IDNameDescription
T1379Disseminate removable media

Removable media containing malware can be injected in to a supply chain at large or small scale. It can also be physically placed for someone to find or can be sent to someone in a more targeted manner. The intent is to have the user utilize the removable media on a system where the adversary is trying to gain access.

T1394Distribute malicious software development tools

An adversary could distribute malicious software development tools (e.g., compiler) that hide malicious behavior in software built using the tools.

T1364Friend/Follow/Connect to targets of interest

A form of social engineering designed build trust and to lay the foundation for future interactions or attacks.

T1365Hardware or software supply chain implant

During production and distribution, the placement of software, firmware, or a CPU chip in a computer, handheld, or other electronic device that enables an adversary to gain illegal entrance.

T1363Port redirector

Redirecting a communication request from one address and port number combination to another. May be set up to obfuscate the final location of communications that will occur in later stages of an attack.

T1362Upload, install, and configure software/tools

An adversary may stage software and tools for use during later stages of an attack. The software and tools may be placed on systems legitimately in use by the adversary or may be placed on previously compromised infrastructure.