Build and configure delivery systems

Delivery systems are the infrastructure used by the adversary to host malware or other tools used during exploitation. Building and configuring delivery systems may include multiple activities such as registering domain names, renting hosting space, or configuring previously exploited environments. [1]

ID: T1347
Sub-techniques:  No sub-techniques
Tactic: Build Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: It is detectable once deployed to the public Internet, used for adversarial purposes, discovered, and reported to defenders.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: It is easy to create and burn infrastructure. Otherwise, blacklisting would be more successful for defenders.


  1. Mandiant. (n.d.). APT1: Exposing One of China’s Cyber Espionage Units. Retrieved March 5, 2017.