Common Information
Type | Value |
---|---|
Value | Malware - T1587.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may develop malware and malware components that can be used during targeting. Building malicious software can include the development of payloads, droppers, post-compromise tools, backdoors (including backdoored images), packers, C2 protocols, and the creation of infected removable media. Adversaries may develop malware to support their operations, creating a means for maintaining control of remote machines, evading defenses, and executing post-compromise behaviors.(Citation: Mandiant APT1)(Citation: Kaspersky Sofacy)(Citation: ActiveMalwareEnergy)(Citation: FBI Flash FIN7 USB) As with legitimate development efforts, different skill sets may be required for developing malware. The skills needed may be located in-house, or may need to be contracted out. Use of a contractor may be considered an extension of that adversary's malware development capabilities, provided the adversary plays a role in shaping requirements and maintains a degree of exclusivity to the malware. Some aspects of malware development, such as C2 protocol development, may require adversaries to obtain additional infrastructure. For example, malware developed that will communicate with Twitter for C2, may require use of [Web Services](https://attack.mitre.org/techniques/T1583/006).(Citation: FireEye APT29) |
Details | | Published | Attributes | CTI | Title |
---|---|---|---|---|---|
Details | Website | 2008-11-19 | 0 | | Under Worm Assault, Military Bans Disks, USB Drives |
Details | Website | 2008-11-17 | 0 | | McColo - Who Was Behind It? |
Details | Website | 2008-11-11 | 7 | | Microsoft Reveals Malware and Spam Trends |
Details | Website | 2008-11-06 | 26 | | Yesterday's Obama Spammer Now Imitates Colonial Bank |
Details | Website | 2008-10-30 | 3 | | White Paper on the MS08-067 vulnerability and the associated malware |
Details | Website | 2008-10-28 | 26 | | Update on Snort and ClamAV for ms08-067 |
Details | Website | 2008-10-26 | 42 | | Phishing Clue Needed in Ecuador |
Details | Website | 2008-10-16 | 0 | | Virus Bulletin :: Researchers urge anti-phishing companies to share data |
Details | Website | 2008-10-04 | 0 | | IDA Pro Enhances Hostile Code Analysis Support |
Details | Website | 2008-09-29 | 8 | | Improving Binary Comparison (and it's implication for malware classification) |
Details | Website | 2008-09-23 | 32 | | Digital Certificate Spammer Goes for Google Adwords |
Details | Website | 2008-09-13 | 7 | | Internet Landfills: Praise for Brian Krebs |
Details | Website | 2008-09-11 | 15 | | Runtime Packers - hold the cheese :: malicious.link — welcome |
Details | Website | 2008-09-09 | 2 | | Logical signatures in ClamAV 0.94 |
Details | Website | 2008-08-24 | 2 | | The Demented Musings of an Incident Responder |
Details | Website | 2008-08-22 | 12 | | Shadow Botnet case may yield spammer Leni Neto |
Details | Website | 2008-08-19 | 38 | | Evidence that Georgia DDOS attacks are "populist" in nature |
Details | Website | 2008-08-16 | 0 | | Volatility 1.3 is out! |
Details | Website | 2008-08-14 | 145 | | Can You Pick the Real MSNBC.Com Breaking News? |
Details | Website | 2008-08-08 | 0 | | TJX Update: The Boston Indictments |
Details | Website | 2008-07-17 | 4 | | Russian Cybercrooks, CoreFlood, and the Amazing Joe Stewart |
Details | Website | 2008-07-11 | 32 | | Verisign, McAfee and Symantec sites can be used for phishing due to XSS |
Details | Website | 2008-06-30 | 0 | | Virus Bulletin :: Macs under attack from trojan double whammy |
Details | Website | 2008-06-20 | 9 | | CartellaUnicaTasse Trojan |
Details | Website | 2008-06-13 | 0 | | Scripting bugs blight security giants' websites |