EXPLORE

← Back to Explore

T1608

Stage Capabilities

Adversaries may upload, install, or otherwise set up capabilities that can be used during targeting. To support their operations, an adversary may need to take capabilities they developed ([Develop Capabilities](https://attack.mitre.org/techniques/T1587)) or obtained ([Obtain Capabilities](https://attack.mitre.org/techniques/T1588)) and stage them on infrastructure under their control. These capabilities may be staged on infrastructure that was previously purchased/rented by the adversary ([Acqu...

PRE

9

Detections

3

Sources

1

Threat Actors

BY SOURCE

4elastic3splunk_escu2sigma

PROCEDURES (8)

Lateral2 detections

Auto-extracted: 2 detections for lateral

Process Creation Monitoring1 detections

Auto-extracted: 1 detections for process creation monitoring

Cloud Monitoring1 detections

Auto-extracted: 1 detections for cloud monitoring

Azure1 detections

Auto-extracted: 1 detections for azure

Azure1 detections

Auto-extracted: 1 detections for azure

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

Download1 detections

Auto-extracted: 1 detections for download

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

THREAT ACTORS (1)

DETECTIONS (9)

AWS SNS Topic Created by Rare User

Azure Automation Webhook Created

HybridConnectionManager Service Installation - Registry

M365 OneDrive Malware File Upload

M365 SharePoint Malware File Detected

Suspicious Download from Office Domain

Windows Cobalt Strike PowerShell Loader

Windows Metasploit Confluence Plugin Execution

Windows NorthStar C2 Agent Execution