Obtain Capabilities (T1588)

Adversaries may buy and/or steal capabilities that can be used during targeting. Rather than developing their own capabilities in-house, adversaries may purchase, freely download, or steal them. Activities may include the acquisition of malware, software (including licenses), exploits, certificates, and information relating to vulnerabilities. Adversaries may obtain capabilities to support their operations throughout numerous phases of the adversary lifecycle. In addition to downloading free malware, software, and exploits from the internet, adversaries may purchase these capabilities from third-party entities. Third-party entities can include technology companies that specialize in malware and exploits, criminal marketplaces, or from individuals.(Citation: NationsBuying)(Citation: PegasusCitizenLab) In addition to purchasing capabilities, adversaries may steal capabilities from third-party entities (including other adversaries). This can include stealing software licenses, malware, SSL/TLS and code-signing certificates, or raiding closed databases of vulnerabilities or exploits.(Citation: DiginotarCompromise)

Source: https://github.com/mitre/cti
Related Prelude attack chains
Release Date (Newest)
Filterfilter
Search for chains, TTPs, themes, and text

Browse By:

Platforms

  • All
  • Windows
  • Linux
  • Darwin
  • Global
  • Android

Themes

Tags

Licenses

Oasis

2022-04-26

/static/assets/windows-logo.svg/static/assets/apple-logo.svg/static/assets/linux-logo.svg
Based on APT40's initial access and password reuse techniques.
Spring4Shell

2022-04-21

/static/assets/terminal-logo.svg
Initial Access via Spring4Shell Exploit
Python AD discovery

2022-04-06

/static/assets/windows-logo.svg/static/assets/linux-logo.svg
Use Python packet and protocol libraries to perform Active Directory discovery.
Conti Local and Remote Discovery

2022-01-18

/static/assets/windows-logo.svg
Using the Jambi agent from the initial access chain, discover local services, active directory objects, and check the box for PrintNightmare.
Log4j Infrastructure

2022-01-13

/static/assets/linux-logo.svg
Stand up infrastructure to exploit CVE-2021-44228.
Staging Server (Server-side)

2021-11-30

/static/assets/linux-logo.svg/static/assets/apple-logo.svg
Deploy capabilities to a staging server and establish a reverse proxy.