Show in Graph
Common Information
Type Value
Value 
Malware - T1587.001
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may develop malware and malware components that can be used during targeting. Building malicious software can include the development of payloads, droppers, post-compromise tools, backdoors (including backdoored images), packers, C2 protocols, and the creation of infected removable media. Adversaries may develop malware to support their operations, creating a means for maintaining control of remote machines, evading defenses, and executing post-compromise behaviors.(Citation: Mandiant APT1)(Citation: Kaspersky Sofacy)(Citation: ActiveMalwareEnergy)(Citation: FBI Flash FIN7 USB) As with legitimate development efforts, different skill sets may be required for developing malware. The skills needed may be located in-house, or may need to be contracted out. Use of a contractor may be considered an extension of that adversary's malware development capabilities, provided the adversary plays a role in shaping requirements and maintains a degree of exclusivity to the malware. Some aspects of malware development, such as C2 protocol development, may require adversaries to obtain additional infrastructure. For example, malware developed that will communicate with Twitter for C2, may require use of [Web Services](https://attack.mitre.org/techniques/T1583/006).(Citation: FireEye APT29)
Details Published Attributes CTI Title
Details Website 0 archive.ph
Details Website 0 Introducing the Mitigating Malware and Preventing Lateral Movement Guidance
Details Website 0 404 | PixiePoint Security
Details Website 1 Adversary: Mythic Leopard - Threat Actor | Crowdstrike Adversary Universe
Details Website 77 UNKNOWN
Details Website 0 Updating our malware & ransomware guidance
Details Website 2 UNKNOWN
Details Website 1 UNKNOWN
Details Website 57 UNKNOWN