Currently viewing ATT&CK v7.2 which was live between July 8, 2020 and October 26, 2020. Learn more about the versioning system or see the live site.
Register to stream the next session of ATT&CKcon Power Hour November 12
TACTICS
PRE-ATT&CK
Enterprise
Mobile
  1. Home
  2. Tactics
  3. PRE-ATT&CK
  4. Stage Capabilities

Stage Capabilities

Staging capabilities consists of preparing operational environment required to conduct the operation. This includes activities such as deploying software, uploading data, enabling command and control infrastructure.

ID: TA0026
Created: 17 October 2018
Last Modified: 17 October 2018

Techniques

Techniques: 6
ID Name Description
T1379 Disseminate removable media Removable media containing malware can be injected in to a supply chain at large or small scale. It can also be physically placed for someone to find or can be sent to someone in a more targeted manner. The intent is to have the user utilize the removable media on a system where the adversary is trying to gain access.
T1394 Distribute malicious software development tools An adversary could distribute malicious software development tools (e.g., compiler) that hide malicious behavior in software built using the tools.
T1364 Friend/Follow/Connect to targets of interest A form of social engineering designed build trust and to lay the foundation for future interactions or attacks.
T1365 Hardware or software supply chain implant During production and distribution, the placement of software, firmware, or a CPU chip in a computer, handheld, or other electronic device that enables an adversary to gain illegal entrance.
T1363 Port redirector Redirecting a communication request from one address and port number combination to another. May be set up to obfuscate the final location of communications that will occur in later stages of an attack.
T1362 Upload, install, and configure software/tools An adversary may stage software and tools for use during later stages of an attack. The software and tools may be placed on systems legitimately in use by the adversary or may be placed on previously compromised infrastructure.