MITRE ATT&CK / T1588.001
T1588.001
Malware
Description
Adversaries may buy, steal, or download malware that can be used during targeting. Malicious software can include payloads, droppers, post-compromise tools, backdoors, packers, and C2 protocols. Adversaries may acquire malware to support their operations, obtaining a means for maintaining control of remote machines, evading defenses, and executing post-compromise behaviors.In addition to downloading free malware from the internet, adversaries may purchase these capabilities from third-party entities. Third-party entities can include technology companies that specialize in malware development, criminal marketplaces (including Malware-as-a-Service, or MaaS), or from individuals. In addition to purchasing malware, adversaries may steal and repurpose malware from third-party entities (including other adversaries).
Platforms
Mitigations
- M1056 — Pre-compromise
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Our coverage
- Ghostwriter Deploys Prometheus Phishing Lures Against Ukraine Government Entities
- Screening Serpens: Iranian APT Fuses AppDomainManager Hijacking with New RATs in 2026 Espionage Campaign
- CVE-2026-20182: Cisco Catalyst SD-WAN CVSS 10.0 Auth Bypass Actively Exploited
- Megalodon: Supply Chain Attack Backdoors 5,561 GitHub Repos in Six Hours via CI/CD Workflow Injection
- Stolen Gemini API Keys and AI Fraud: How 'Quantum Patriot' Drained Crypto Wallets via Fake QAnon Content
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →