216.73.217.50

T1588: T1588

View on MITRE ATT&CK The MITRE Corporation · Published 01/10/2020 03:56 · Modified 27/03/2026 01:12

Essential information

MITRE technique ID
T1588
Confidence
100/100
Revoked
No
Published
01/10/2020 03:56
Modified
27/03/2026 01:12
Author / Source
The MITRE Corporation

Aliases

Obtain Capabilities

Platforms

PRE

Description

Adversaries may buy and/or steal capabilities that can be used during targeting. Rather than developing their own capabilities in-house, adversaries may purchase, freely download, or steal them. Activities may include the acquisition of malware, software (including licenses), exploits, certificates, and information relating to vulnerabilities. Adversaries may obtain capabilities to support their operations throughout numerous phases of the adversary lifecycle. In addition to downloading free malware, software, and exploits from the internet, adversaries may purchase these capabilities from third-party entities. Third-party entities can include technology companies that specialize in malware and exploits, criminal marketplaces, or from individuals.(Citation: NationsBuying)(Citation: PegasusCitizenLab) In addition to purchasing capabilities, adversaries may steal capabilities from third-party entities (including other adversaries). This can include stealing software licenses, malware, SSL/TLS and code-signing certificates, or raiding closed databases of vulnerabilities or exploits.(Citation: DiginotarCompromise)

Kill chain phases

Kill chainPhase
mitre-attack resource-development

Marking (TLP)

TLP:GREEN Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references