Create infected removable media

Use of removable media as part of the Launch phase requires an adversary to determine type, format, and content of the media and associated malware. [1]

ID: T1355

Tactic: Build Capabilities

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Adversary will likely use code repositories, but development will be performed on their local systems.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Several exploit repositories and tool suites exist for re-use and tailoring.

References

  1. Security Research labs. (n.d.). BadUSB Exposure. Retrieved March 9, 2017.