Create infected removable media

Use of removable media as part of the Launch phase requires an adversary to determine type, format, and content of the media and associated malware. [1]

ID: T1355
Sub-techniques:  No sub-techniques
Tactic: Build Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Adversary will likely use code repositories, but development will be performed on their local systems.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Several exploit repositories and tool suites exist for re-use and tailoring.


  1. Security Research labs. (n.d.). BadUSB Exposure. Retrieved March 9, 2017.