Common Information
Type | Value |
---|---|
Value | Malware - T1587.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may develop malware and malware components that can be used during targeting. Building malicious software can include the development of payloads, droppers, post-compromise tools, backdoors (including backdoored images), packers, C2 protocols, and the creation of infected removable media. Adversaries may develop malware to support their operations, creating a means for maintaining control of remote machines, evading defenses, and executing post-compromise behaviors.(Citation: Mandiant APT1)(Citation: Kaspersky Sofacy)(Citation: ActiveMalwareEnergy)(Citation: FBI Flash FIN7 USB) As with legitimate development efforts, different skill sets may be required for developing malware. The skills needed may be located in-house, or may need to be contracted out. Use of a contractor may be considered an extension of that adversary's malware development capabilities, provided the adversary plays a role in shaping requirements and maintains a degree of exclusivity to the malware. Some aspects of malware development, such as C2 protocol development, may require adversaries to obtain additional infrastructure. For example, malware developed that will communicate with Twitter for C2, may require use of [Web Services](https://attack.mitre.org/techniques/T1583/006).(Citation: FireEye APT29) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | — | 0 | Windows Safe Mode Unsafe From REvil - IBM X-Force Collection | ||
Details | Website | — | 0 | Thieves Targeting ATMs Across Latin America With New Malware - IBM X-Force Collection | ||
Details | Website | — | 0 | New Targeted RTM Attacks using Quoter Ransomware - IBM X-Force Collection | ||
Details | Website | — | 0 | TFlower Ransomware Using MATA Framework - IBM X-Force Collection | ||
Details | Website | — | 0 | PHP Malware in Images - IBM X-Force Collection | ||
Details | Website | — | 0 | Recent Sandworm Activity - IBM X-Force Collection | ||
Details | Website | — | 0 | TeamTNT Targets AWS Instances - IBM X-Force Collection | ||
Details | Website | — | 0 | NCSC IT: Don't leave your Windows open this Christmas | ||
Details | Website | — | 0 | New Android Infostealer Seen in the Wild - IBM X-Force Collection | ||
Details | Website | — | 0 | TOR-Based Botnet Targeting Linux Systems - IBM X-Force Collection | ||
Details | Website | — | 0 | DarkSide Malware Profile - IBM X-Force Collection | ||
Details | Website | — | 0 | Netlab at 360 Uncovers Backdoor Targeting Linux Systems - IBM X-Force Collection | ||
Details | Website | — | 0 | Malware analysis report on SparrowDoor malware | ||
Details | Website | — | 0 | SolarWinds Actors Strike Again - IBM X-Force Collection | ||
Details | Website | — | 1 | ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group - IBM X-Force Collection | ||
Details | Website | — | 0 | What is OT malware? | ||
Details | Website | — | 0 | Malware & ransomware guidance: the reboot! | ||
Details | Website | — | 0 | Import data, not malware | ||
Details | Website | — | 0 | Fake 'missed parcel' messages: advice on avoiding banking malware | ||
Details | Website | — | 0 | Mitigating malware and ransomware attacks | ||
Details | Website | — | 0 | APTs & Adversary Groups List - Malware & Ransomware | Crowdstrike Adversary Universe | ||
Details | Website | — | 0 | Scam 'missed parcel' SMS messages: advice on avoiding malware | ||
Details | Website | — | 82 | UNKNOWN | ||
Details | Website | — | 0 | — | ||
Details | Website | — | 1 | About Us |