Record summary
A quick snapshot of what this page covers.
ATT&CK object
The broader cybersecurity technique connected to these AI records.
Adversaries may buy, steal, or download software tools that can be used during targeting. Tools can be open or closed source, free or commercial. A tool can be used for malicious purposes by an adversary, but (unlike malware) were not intended to be used for those purposes (ex: PsExec).
Adversaries may obtain tools to support their operations, including to support execution of post-compromise behaviors. Tools may also be leveraged for testing – for example, evaluating malware against commercial antivirus or endpoint detection and response (EDR) applications.(Citation: Forescout Conti Leaks 2022)(Citation: Sentinel Labs Top Tier Target 2025)
Tool acquisition may involve the procurement of commercial software licenses, including for red teaming tools such as Cobalt Strike. In addition to freely downloading or purchasing software, adversaries may steal software and/or software licenses from third-party entities (including other adversaries). Threat actors may also crack trial versions of software.(Citation: Recorded Future Beacon 2019)
- ATT&CK ID
- T1588.002
- STIX ID
- attack-pattern--a2fdce72-04b2-409a-ac10-cc1695f4fce0
- Name
- Tool
- Connected AI records
- 1
Connected AI records
AI security records connected to this cybersecurity technique.
AML.T0016.001 - Software Tools
Source
Where this page information comes from.
Original source
Original source links
Open the public records and source datasets used for this page.