T1588.001: Malware

Data from MITRE ATT&CK®:

Adversaries may buy, steal, or download malware that can be used during targeting. Malicious software can include payloads, droppers, post-compromise tools, backdoors, packers, and C2 protocols. Adversaries may acquire malware to support their operations, obtaining a means for maintaining control of remote machines, evading defenses, and executing post-compromise behaviors.

In addition to downloading free malware from the internet, adversaries may purchase these capabilities from third-party entities. Third-party entities can include technology companies that specialize in malware development, criminal marketplaces (including Malware-as-a-Service, or MaaS), or from individuals. In addition to purchasing malware, adversaries may steal and repurpose malware from third-party entities (including other adversaries).

© 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Pre-compromise

This category is used for any applicable mitigation activities that apply to techniques occurring before an adversary gains Initial Access, such as Reconnaissance and Resource Development techniques.

Malware Content (Malware Repository)

Code, strings, and other signatures that compromise a malicious payload

Malware Metadata (Malware Repository)

Contextual data about a malicious payload, such as compilation times, file hashes, as well as watermarks or other identifiable configuration information

Relevant ClamAV Message

linux