Skip to content

T1588.001 Malware

Adversaries may buy, steal, or download malware that can be used during targeting. Malicious software can include payloads, droppers, post-compromise tools, backdoors, packers, and C2 protocols. Adversaries may acquire malware to support their operations, obtaining a means for maintaining control of remote machines, evading defenses, and executing post-compromise behaviors.

In addition to downloading free malware from the internet, adversaries may purchase these capabilities from third-party entities. Third-party entities can include technology companies that specialize in malware development, criminal marketplaces (including Malware-as-a-Service, or MaaS), or from individuals. In addition to purchasing malware, adversaries may steal and repurpose malware from third-party entities (including other adversaries).

Item Value
ID T1588.001
Sub-techniques T1588.001, T1588.002, T1588.003, T1588.004, T1588.005, T1588.006
Tactics TA0042
Platforms PRE
Version 1.1
Created 01 October 2020
Last Modified 17 October 2021

Procedure Examples

ID Name Description
G0138 Andariel Andariel has used a variety of publicly-available remote access Trojans (RATs) for its operations.8
G0006 APT1 APT1 used publicly available malware for privilege escalation.7
G0143 Aquatic Panda Aquatic Panda has acquired and used njRAT in its operations.3
G0135 BackdoorDiplomacy BackdoorDiplomacy has obtained and used leaked malware, including DoublePulsar, EternalBlue, EternalRocks, and EternalSynergy, in its operations.2
G0140 LazyScripter LazyScripter has used a variety of open-source remote access Trojans for its operations.4
G0010 Turla Turla has used malware obtained after compromising other threat actors, such as OilRig.56


ID Mitigation Description
M1056 Pre-compromise This technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls.


ID Data Source Data Component
DS0004 Malware Repository Malware Content


Back to top