Payload Execution

Info

ID: ATA-004
Attack Stage: Intrusion
MITRE Tactic: Initial Access

Payload Execution consists of techniques adversaries use to trigger execution of previously delivered malicious content within an application’s runtime. This includes exploiting insecure deserialization or template engines, abusing serverless function invocations, leveraging injection flaws (SQL, command, template), or scheduling jobs to run malicious code. Payload execution tactics transform planted artifacts into active compromise by leveraging legitimate application functionality to achieve code execution.