Develop Capabilities

Info

ID: AT-RD002
Tactic: Resource Development
Sub-techniques: Exploits, Malware
Platforms: PRE

Adversaries may create or refine their own malicious tools, such as exploits, implants, or infiltration frameworks, specifically tailored to the target’s technology stack. This might involve coding custom payloads for container escapes, refining scripts for cloud API abuse, or engineering advanced logic bombs hidden within business workflows. By tuning these capabilities, attackers ensure their arsenal can reliably exploit known misconfigurations and vulnerabilities across multiple deployments.

This approach allows threat actors to pivot rapidly once they have basic insight into the environment, especially if they discovered unique architectural quirks during reconnaissance. Custom capabilities can be obfuscated to defeat detection, integrated into off-the-shelf exploitation kits, or combined with social engineering lures. Once developed, these tools can be reused across different victims who share similar application frameworks, making the effort worthwhile for skilled adversaries.