Information obtained (via shared or submitted samples) regarding malicious software (droppers, backdoors, etc.) used by adversaries
Code, strings, and other signatures that compromise a malicious payload
Code, strings, and other signatures that compromise a malicious payload
| Domain | ID | Name | |
|---|---|---|---|
| Enterprise | T1587 | Develop Capabilities | |
| .001 | Malware | ||
| Enterprise | T1588 | Obtain Capabilities | |
| .001 | Malware | ||
Contextual data about a malicious payload, such as compilation times, file hashes, as well as watermarks or other identifiable configuration information
Contextual data about a malicious payload, such as compilation times, file hashes, as well as watermarks or other identifiable configuration information
| Domain | ID | Name | |
|---|---|---|---|
| Enterprise | T1587 | Develop Capabilities | |
| .001 | Malware | ||
| .002 | Code Signing Certificates | ||
| Enterprise | T1588 | Obtain Capabilities | |
| .001 | Malware | ||
| .002 | Tool | ||
| .003 | Code Signing Certificates | ||