Build and configure delivery systems
Delivery systems are the infrastructure used by the adversary to host malware or other tools used during exploitation. Building and configuring delivery systems may include multiple activities such as registering domain names, renting hosting space, or configuring previously exploited environments. 
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: It is detectable once deployed to the public Internet, used for adversarial purposes, discovered, and reported to defenders.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: It is easy to create and burn infrastructure. Otherwise, blacklisting would be more successful for defenders.
- Mandiant. (n.d.). APT1: Exposing One of China’s Cyber Espionage Units. Retrieved March 5, 2017.