ENTERPRISE MOBILE PRE-ATT&CK
TECHNIQUES
  1. Home
  2. Techniques
  3. Pre
  4. Post compromise tool development

Post compromise tool development

After compromise, an adversary may utilize additional tools to facilitate their end goals. This may include tools to further explore the system, move laterally within a network, exfiltrate data, or destroy data. [1]

ID: T1353

Tactic: Build Capabilities

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Adversary will likely use code repositories, but development will be performed on their local systems.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Post compromise tool development is a standard part of the adversary's protocol in developing the necessary tools required to completely conduct an attack.

References

  1. Kaspersky Lab's Global Research & Analysis Team. (2015, December 4). Sofacy APT hits high profile targets with updated toolset. Retrieved March 9, 2017.