Post compromise tool development
After compromise, an adversary may utilize additional tools to facilitate their end goals. This may include tools to further explore the system, move laterally within a network, exfiltrate data, or destroy data. [1]
ID: T1353
Sub-techniques: No sub-techniques
Tactic: Build Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: The adversary will likely use code repositories, but development will be performed on their local systems.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Post compromise tool development is a standard part of the adversary's protocol for developing the tools required to fully conduct an attack.
References
- [1] Kaspersky Lab's Global Research & Analysis Team. (2015, December 4). Sofacy APT hits high profile targets with updated toolset. Retrieved March 9, 2017.