MITRE ATT&CK Technique
Resource Development T1588.001
Description

Adversaries may buy, steal, or download malware that can be used during targeting. Malicious software can include payloads, droppers, post-compromise tools, backdoors, packers, and C2 protocols. Adversaries may acquire malware to support their operations, obtaining a means for maintaining control of remote machines, evading defenses, and executing post-compromise behaviors. In addition to downloading free malware from the internet, adversaries may purchase these capabilities from third-party entities. Third-party entities can include technology companies that specialize in malware development, criminal marketplaces (including Malware-as-a-Service, or MaaS), or from individuals. In addition to purchasing malware, adversaries may steal and repurpose malware from third-party entities (including other adversaries).

Supported Platforms
PRE
Created

April 29, 2026

Last Updated

April 29, 2026

STIX Data 
{'created': '2020-10-01T02:06:11.499Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': 'Adversaries may buy, steal, or download malware that can be '
                'used during targeting. Malicious software can include '
                'payloads, droppers, post-compromise tools, backdoors, '
                'packers, and C2 protocols. Adversaries may acquire malware to '
                'support their operations, obtaining a means for maintaining '
                'control of remote machines, evading defenses, and executing '
                'post-compromise behaviors.\n'
                '\n'
                'In addition to downloading free malware from the internet, '
                'adversaries may purchase these capabilities from third-party '
                'entities. Third-party entities can include technology '
                'companies that specialize in malware development, criminal '
                'marketplaces (including Malware-as-a-Service, or MaaS), or '
                'from individuals. In addition to purchasing malware, '
                'adversaries may steal and repurpose malware from third-party '
                'entities (including other adversaries).',
 'external_references': [{'external_id': 'T1588.001',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1588/001'},
                         {'description': 'FireEye. (2014). SUPPLY CHAIN '
                                         'ANALYSIS: From Quartermaster to '
                                         'SunshopFireEye. Retrieved March 6, '
                                         '2017.',
                          'source_name': 'FireEyeSupplyChain',
                          'url': 'https://www.mandiant.com/resources/supply-chain-analysis-from-quartermaster-to-sunshop'}],
 'id': 'attack-pattern--7807d3a4-a885-4639-a786-c1ed41484970',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'resource-development'}],
 'modified': '2025-10-24T17:48:58.766Z',
 'name': 'Malware',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': False,
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_is_subtechnique': True,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['PRE'],
 'x_mitre_version': '1.1'}
Quick Actions
Edit TTP Update from Web
Related Threat Actors (13)
LuminousMoth
High
UNC3886
High
Aquatic Panda
High
Earth Lusca
High
Turla
High
View All 13 Actors
Back to TTPs
Dashboard About