Common Information
| Type | Value |
|---|---|
| Value |
Malware - T1587.001 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may develop malware and malware components that can be used during targeting. Building malicious software can include the development of payloads, droppers, post-compromise tools, backdoors (including backdoored images), packers, C2 protocols, and the creation of infected removable media. Adversaries may develop malware to support their operations, creating a means for maintaining control of remote machines, evading defenses, and executing post-compromise behaviors.(Citation: Mandiant APT1)(Citation: Kaspersky Sofacy)(Citation: ActiveMalwareEnergy)(Citation: FBI Flash FIN7 USB) As with legitimate development efforts, different skill sets may be required for developing malware. The skills needed may be located in-house, or may need to be contracted out. Use of a contractor may be considered an extension of that adversary's malware development capabilities, provided the adversary plays a role in shaping requirements and maintains a degree of exclusivity to the malware. Some aspects of malware development, such as C2 protocol development, may require adversaries to obtain additional infrastructure. For example, malware developed that will communicate with Twitter for C2, may require use of [Web Services](https://attack.mitre.org/techniques/T1583/006).(Citation: FireEye APT29) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2005-02-01 | 1 | New Trojan for Symbian-based mobile phones | ||
| Details | Website | 2005-01-25 | 5 | Trojaned build of DC++ found in the wild | ||
| Details | Website | 2005-01-20 | 1 | Trojans masquerade as Microsoft AntiSpyware | ||
| Details | Website | 2005-01-05 | 11 | Windows Rootkit Detection | ||
| Details | Website | 2004-11-05 | 2 | More on malware classification | ||
| Details | Website | 2004-09-15 | 1 | General Chat Forum | ||
| Details | Website | 2004-09-10 | 19 | How Malware hides and is installed as a Service | ||
| Details | Website | 2003-01-01 | 0 | Group-IB report: "RedCurl. The pentest you didn’t know about" | ||
| Details | Website | 2002-01-01 | 0 | Protection from targeted attacks (anti-apt) | ||
| Details | Website | 2002-01-01 | 0 | Penetration Testing | ||
| Details | Website | 2000-01-01 | 21 | Automated Malware Analysis Report for m8XMnec4Vb.elf - Generated by Joe Sandbox | ||
| Details | Website | 1970-01-01 | 0 | — | ||
| Details | Website | — | 1 | New Malware Set Identified Used by the SolarWinds Attackers - IBM X-Force Collection | ||
| Details | Website | — | 0 | z0Miner Exploiting ElasticSearch and Jenkins Vulnerabilities - IBM X-Force Collection | ||
| Details | Website | — | 0 | Bazar Anchor and Cobalt Strike - IBM X-Force Collection | ||
| Details | Website | — | 0 | A New Sophisticated ZLoader Invoice Scam Arises - IBM X-Force Collection | ||
| Details | Website | — | 0 | Clast82 Dropper - IBM X-Force Collection | ||
| Details | Website | — | 0 | Renewed SideWinder Activity in South Asia - IBM X-Force Collection | ||
| Details | Website | — | 0 | Intezer Discovers New Linux Backdoor Named RedXOR - IBM X-Force Collection | ||
| Details | Website | — | 0 | FBI FLASH Alert CP-000142-MW and PYSA Ransomware - IBM X-Force Collection | ||
| Details | Website | — | 0 | NimzaLoader Malware - IBM X-Force Collection | ||
| Details | Website | — | 0 | Metamorfo/Mekotio Banking Trojan Uses AutoHotKey Scripting - IBM X-Force Collection | ||
| Details | Website | — | 0 | macOS Adware in Rust - IBM X-Force Collection | ||
| Details | Website | — | 2 | ITG14 Shift To Ransomware With New TTPs - IBM X-Force Collection | ||
| Details | Website | — | 0 | Windows Safe Mode Unsafe From REvil - IBM X-Force Collection |