Register to stream ATT&CKcon 2.0 October 29-30

Stage Capabilities

Staging capabilities consists of preparing operational environment required to conduct the operation. This includes activities such as deploying software, uploading data, enabling command and control infrastructure.

ID: TA0026

Techniques

Techniques: 6
ID Name Description
T1379 Disseminate removable media

Removable media containing malware can be injected in to a supply chain at large or small scale. It can also be physically placed for someone to find or can be sent to someone in a more targeted manner. The intent is to have the user utilize the removable media on a system where the adversary is trying to gain access.

T1394 Distribute malicious software development tools

An adversary could distribute malicious software development tools (e.g., compiler) that hide malicious behavior in software built using the tools.

T1364 Friend/Follow/Connect to targets of interest

A form of social engineering designed build trust and to lay the foundation for future interactions or attacks.

T1365 Hardware or software supply chain implant

During production and distribution, the placement of software, firmware, or a CPU chip in a computer, handheld, or other electronic device that enables an adversary to gain illegal entrance.

T1363 Port redirector

Redirecting a communication request from one address and port number combination to another. May be set up to obfuscate the final location of communications that will occur in later stages of an attack.

T1362 Upload, install, and configure software/tools

An adversary may stage software and tools for use during later stages of an attack. The software and tools may be placed on systems legitimately in use by the adversary or may be placed on previously compromised infrastructure.