Common Information
Type | Value
---|---
Value | Malware - T1587.001
Category | Attack-Pattern
Type | Mitre-Attack-Pattern
Misp Type | Cluster
Description | Adversaries may develop malware and malware components that can be used during targeting. Building malicious software can include the development of payloads, droppers, post-compromise tools, backdoors (including backdoored images), packers, C2 protocols, and the creation of infected removable media. Adversaries may develop malware to support their operations, creating a means for maintaining control of remote machines, evading defenses, and executing post-compromise behaviors.(Citation: Mandiant APT1)(Citation: Kaspersky Sofacy)(Citation: ActiveMalwareEnergy)(Citation: FBI Flash FIN7 USB) As with legitimate development efforts, different skill sets may be required for developing malware. The skills needed may be located in-house, or may need to be contracted out. Use of a contractor may be considered an extension of that adversary's malware development capabilities, provided the adversary plays a role in shaping requirements and maintains a degree of exclusivity to the malware. Some aspects of malware development, such as C2 protocol development, may require adversaries to obtain additional infrastructure. For example, malware developed to communicate with Twitter for C2 may require the use of [Web Services](https://attack.mitre.org/techniques/T1583/006).(Citation: FireEye APT29)
Details | CTI | Published | Attributes | Title
---|---|---|---|---
Details | Website | 2009-04-08 | 2 | Trojan:Win32/Shipup.G threat description - Microsoft Security Intelligence
Details | Website | 2009-04-02 | 0 | Conficker Day - April 1st - Uneventful - Darknet - Hacking Tools, Hacker News & Cyber Security
Details | Website | 2009-04-01 | 122 | An Analysis of Conficker C
Details | Website | 2009-03-24 | 0 | Charlie Miller Does It Again At PWN2OWN - Darknet - Hacking Tools, Hacker News & Cyber Security
Details | Website | 2009-03-20 | 14 | Memory Analysis, for real!
Details | Website | 2009-03-18 | 166 | Carders do battle through spam - carder.su
Details | Website | 2009-03-12 | 1 | Malware for Incident Responders - Examples
Details | Website | 2009-02-26 | 27 | Another Password Stealer hides as Bank of America video malware
Details | Website | 2009-02-25 | 0 | Conficker variant B - Still detected
Details | Website | 2009-02-24 | 3 | Detecting Silly Javascript Obfuscation Techniques
Details | Website | 2009-02-21 | 2 | Looking for "Bad Stuff", part I
Details | Website | 2009-02-20 | 0 | Bruteforcing Windows over SMB: Tips and Tricks
Details | Website | 2009-02-18 | 7 | MS09-002 in the wild
Details | Website | 2009-01-30 | 0 | Dial up security woes from East Africa
Details | Website | 2009-01-29 | 39 | [Emerging-Sigs] Gozi/Ordergun/Orderjack sig mod + new
Details | Website | 2009-01-15 | 0 | Next-Gen Botnets Taking The Place of Storm and Srizbi - Darknet - Hacking Tools, Hacker News & Cyber Security
Details | Website | 2009-01-13 | 0 | Fake CNN Site From Phishing E-mail Serves Trojan - Darknet - Hacking Tools, Hacker News & Cyber Security
Details | Website | 2009-01-09 | 2 | Got your YARA??
Details | Website | 2009-01-06 | 19 | Memory Collection and Analysis Tools
Details | Website | 2008-12-18 | 51 | Rootkit takes advantage of MS08-078 vulnerability
Details | Website | 2008-12-11 | 5 | MS08-067 In The Wild
Details | Website | 2008-12-06 | 2 | Issues with AV
Details | Website | 2008-12-01 | 0 | Malware Researchers Discover Rootkit HKTL-BRUDEVIC Similar to Sony CD Malware - Darknet - Hacking Tools, Hacker News & Cyber Security
Details | Website | 2008-11-30 | 17 | Agent.btz - A Threat That Hit Pentagon
Details | Website | 2008-11-26 | 0 | Spam Back on the Rise with Srizbi Resurrected - Darknet - Hacking Tools, Hacker News & Cyber Security