Stage Capabilities

  • Stage Capabilities - Pre-ATT&CK
    • Staging capabilities consists of preparing operational environment required to conduct the operation. This includes activities such as deploying software, uploading data, enabling command and control infrastructure.

Disseminate removable media

  • Disseminate removable media - Pre-ATT&CK
    • Removable media containing malware can be injected in to a supply chain at large or small scale. It can also be physically placed for someone to find or can be sent to someone in a more targeted manner. The intent is to have the user utilize the removable media on a system where the adversary is trying to gain access.

Distribute malicious software development tools


Friend/Follow/Connect to targets of interest


Hardware or software supply chain implant

  • Hardware or software supply chain implant
    • During production and distribution, the placement of software, firmware, or a CPU chip in a computer, handheld, or other electronic device that enables an adversary to gain illegal entrance.

Port Redirector

  • Port Redirector - Pre-ATT&CK
    • Redirecting a communication request from one address and port number combination to another. May be set up to obfuscate the final location of communications that will occur in later stages of an attack.

Upload, install, and configure software/tools