Create infected removable media

Use of removable media as part of the Launch phase requires an adversary to determine the type, format, and content of the media and associated malware. [1]

ID: T1355
Tactic: Build Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: The adversary will likely use code repositories, but development will be performed on their local systems.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Several exploit repositories and tool suites exist for re-use and tailoring.

References

  1. Security Research Labs. (n.d.). BadUSB Exposure. Retrieved March 9, 2017.