Malware

Malware development represents a critical component within the Resource Development phase of the cyber attack lifecycle, where adversaries create, acquire, or modify malicious software designed to compromise target systems. This sub-technique encompasses the production of various malware types including remote access trojans (RATs), ransomware, keyloggers, backdoors, rootkits, and information stealers specifically crafted to achieve adversarial objectives. Unlike publicly available tools, custom malware provides attackers with capabilities that can evade signature-based detection, maintain persistent access to compromised environments, and exfiltrate sensitive data while minimizing detection probability. Sophisticated threat actors often develop their malware with modular architectures, obfuscation techniques, and anti-analysis features to impede reverse engineering efforts and extend operational longevity. The development process may involve programming new code bases, modifying existing malware frameworks, or purchasing capabilities from specialized criminal marketplaces, with the ultimate goal of establishing a foundation for subsequent attack phases including Initial Access, Execution, and Persistence.