EXPLORE
Sign In
← Back to Explore
T1608

Stage Capabilities

Adversaries may upload, install, or otherwise set up capabilities that can be used during targeting. To support their operations, an adversary may need to take capabilities they developed ([Develop Capabilities](https://attack.mitre.org/techniques/T1587)) or obtained ([Obtain Capabilities](https://attack.mitre.org/techniques/T1588)) and stage them on infrastructure under their control. These capabilities may be staged on infrastructure that was previously purchased/rented by the adversary ([Acqu...

PRE
6
Detections
2
Sources
1
Threat Actors

BY SOURCE

4elastic2sigma

PROCEDURES (5)

Lateral2 detections

Auto-extracted: 2 detections for lateral

Process Creation Monitoring1 detections

Auto-extracted: 1 detections for process creation monitoring

Azure1 detections

Auto-extracted: 1 detections for azure

Cloud Monitoring1 detections

Auto-extracted: 1 detections for cloud monitoring

Azure1 detections

Auto-extracted: 1 detections for azure

THREAT ACTORS (1)

Mustang Panda

DETECTIONS (6)

AWS SNS Topic Created by Rare User
elasticlow
Azure Automation Webhook Created
elasticlow
HybridConnectionManager Service Installation - Registry
sigmahigh
M365 OneDrive Malware File Upload
elastichigh
M365 SharePoint Malware File Detected
elastichigh
Suspicious Download from Office Domain
sigmahigh