Malware

In the Resource Development phase of an attack, adversaries procure malware to establish capabilities before conducting operations. This sub-technique focuses specifically on the acquisition of malicious software designed to compromise system integrity, exfiltrate data, or establish persistent access. Threat actors may purchase ready-made malware from underground marketplaces, download freely available malicious tools from public repositories, or commission custom malware from specialized developers. Unlike self-developed tools, obtained malware provides adversaries with plausible deniability and reduced development time, though potentially at the cost of customization and uniqueness. The sophistication ranges from commodity Remote Access Trojans (RATs) to advanced modular implants with anti-analysis features. Security teams should implement robust detection capabilities that analyze behavior patterns rather than solely relying on signature-based detection, as obtained malware may evolve through regular updates from its developers or through adversary modifications to bypass standard security controls.
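
The contrast between signature-based and behavior-based detection described above, as an added example that is not part of the original page. All events, hosts, paths, hash placeholders, field names and thresholds are constructed assumptions, and the addresses come from documentation ranges.

```python
from collections import defaultdict

KNOWN_BAD_HASHES = {"HASH_BUILD_1"}   # placeholder signature list: only the original build
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")
RUN_KEY = "\\currentversion\\run"

def make_events(host, image, sha256, run_key, dst, times):
    """Constructed telemetry for one process: start, optional Run-key write, connections."""
    ev = [{"host": host, "t": 0, "type": "process", "image": image, "sha256": sha256}]
    if run_key:
        ev.append({"host": host, "t": 1, "type": "regset", "image": image,
                   "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\app"})
    return ev + [{"host": host, "t": t, "type": "netconn", "image": image, "dst": dst} for t in times]

EVENTS = (  # host-a: original build; host-b: repacked build, new hash; host-c/d: benign software
    make_events("host-a", r"C:\Users\amy\AppData\Roaming\upd.exe", "HASH_BUILD_1", True, "203.0.113.10", [60, 120, 180, 240])
    + make_events("host-b", r"C:\Users\bob\AppData\Local\Temp\svc.exe", "HASH_BUILD_2", True, "203.0.113.10", [61, 119, 181, 239])
    + make_events("host-c", r"C:\Program Files\Browser\browser.exe", "HASH_BROWSER", False, "198.51.100.7", [3, 40, 41, 300])
    + make_events("host-d", r"C:\Users\dan\AppData\Local\Chat\chat.exe", "HASH_CHAT", True, "198.51.100.9", [10, 15, 200, 900])
)

def signature_hits(events):
    """Hosts where a process hash matches the static blocklist."""
    return sorted({e["host"] for e in events if e.get("sha256") in KNOWN_BAD_HASHES})

def behaviour_hits(events, jitter=5, min_conns=4):
    """Hosts where one process shows all three traits: user-writable path, Run key, regular beacon."""
    traits = defaultdict(set)   # (host, image) -> observed behaviours
    conns = defaultdict(list)   # (host, image, dst) -> connection times in seconds
    for e in events:
        key = (e["host"], e["image"])
        if e["type"] == "process" and any(p in e["image"].lower() for p in USER_WRITABLE):
            traits[key].add("user_writable_path")
        elif e["type"] == "regset" and RUN_KEY in e["key"].lower():
            traits[key].add("run_key_persistence")
        elif e["type"] == "netconn":
            conns[key + (e["dst"],)].append(e["t"])
    for (host, image, _dst), times in conns.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Near-constant spacing between connections to one destination suggests beaconing.
        if len(times) >= min_conns and max(gaps) - min(gaps) <= jitter:
            traits[(host, image)].add("regular_beacon")
    return sorted(h for (h, _), t in traits.items() if len(t) == 3)

if __name__ == "__main__":
    print("signature:", signature_hits(EVENTS))
    print("behaviour:", behaviour_hits(EVENTS))
```

The repacked build on host-b evades the hash list but still matches the behavioral rule, while the benign chat client on host-d, which shares two of the three traits, is not flagged.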